[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
Access denied
Errors
If you encounter Access denied
errors when you try to connect to the
MySQL server, the following list indicates some courses of
action you can take to correct the problem:
mysql_install_db
script to set up the initial grant table contents? If not, do so.
See section 5.5.3 Setting Up the Initial MySQL Privileges. Test the initial privileges by executing
this command:
shell> mysql -u root test |
The server should let you connect without error. You should also make sure
you have a file `user.MYD' in the MySQL database directory.
Ordinarily, this is `PATH/var/mysql/user.MYD', where PATH
is the
pathname to the MySQL installation root.
shell> mysql -u root mysql |
The server should let you connect because the MySQL root
user
has no password initially. That is also a security risk, so setting the
root
password is something you should do while you're setting up
your other MySQL users.
If you try to connect as root
and get this error:
Access denied for user: '@unknown' to database mysql |
this means that you don't have an entry in the user
table with a
User
column value of 'root'
and that mysqld
cannot
resolve the hostname for your client. In this case, you must restart the
server with the --skip-grant-tables
option and edit your
`/etc/hosts' or `\windows\hosts' file to add an entry for your
host.
shell> mysqladmin -u root -pxxxx ver Access denied for user: 'root@localhost' (Using password: YES) |
It means that you are using an incorrect password. See section 5.5.7 Setting Up Passwords.
If you have forgot the root password, you can restart mysqld
with
--skip-grant-tables
to change the password.
See section A.4.2 How to Reset a Forgotten Root Password.
If you get the above error even if you haven't specified a password,
this means that you have an incorrect password in some my.ini
file. See section 4.3.2 Using Option Files. You can avoid using option files with the --no-defaults
option, as follows:
shell> mysqladmin --no-defaults -u root ver |
mysql_fix_privilege_tables
script? If not, do so. The structure of
the grant tables changed with MySQL Version 3.22.11 when the
GRANT
statement became functional.
See section 2.5.8 Upgrading the Grant Tables.
PASSWORD()
function if you set the password with the
INSERT
, UPDATE
, or SET PASSWORD
statements. The
PASSWORD()
function is unnecessary if you specify the password using
the GRANT ... IDENTIFIED BY
statement or the mysqladmin
password
command.
See section 5.5.7 Setting Up Passwords.
localhost
is a synonym for your local hostname, and is also the
default host to which clients try to connect if you specify no host
explicitly. However, connections to localhost
do not work if you are
using a MySQL version prior to 3.23.27 that uses MIT-pthreads
(localhost
connections are made using Unix socket files, which were not
supported by MIT-pthreads at that time). To avoid this problem on such
systems, you should use the --host
option to name
the server host explicitly. This will make a TCP/IP connection to the
mysqld
server. In this case, you must have your real hostname in
user
table entries on the server host. (This is true even if you are
running a client program on the same host as the server.)
Access denied
error when trying to connect to the
database with mysql -u user_name db_name
, you may have a problem
with the user
table. Check this by executing mysql -u root
mysql
and issuing this SQL statement:
mysql> SELECT * FROM user; |
The result should include an entry with the Host
and User
columns matching your computer's hostname and your MySQL username.
Access denied
error message will tell you who you are trying
to log in as, the host from which you are trying to connect, and whether
or not you were using a password. Normally, you should have one entry in
the user
table that exactly matches the hostname and username
that were given in the error message. For example if you get an error
message that contains Using password: NO
, this means that you
tried to log in without an password.
user
table that matches that host:
Host ... is not allowed to connect to this MySQL server |
You can fix this by using the command-line tool mysql
(on the
server host!) to add a row to the user
, db
, or host
table for the user/hostname combination from which you are trying to
connect and then execute mysqladmin flush-privileges
. If you are
not running MySQL Version 3.22 and you don't know the IP number or
hostname of the machine from which you are connecting, you should put an
entry with '%'
as the Host
column value in the user
table and restart mysqld
with the --log
option on the
server machine. After trying to connect from the client machine, the
information in the MySQL log will indicate how you really did
connect. (Then replace the '%'
in the user
table entry
with the actual hostname that shows up in the log. Otherwise, you'll
have a system that is insecure.)
Another reason for this error on Linux is that you are using a binary MySQL version that is compiled with a different glibc version than the one you are using. In this case you should either upgrade your OS/glibc or download the source MySQL version and compile this yourself. A source RPM is normally trivial to compile and install, so this isn't a big problem.
shell> mysqladmin -u root -pxxxx -h some-hostname ver Access denied for user: 'root@' (Using password: YES) |
This means that MySQL got some error when trying to resolve the
IP to a hostname. In this case you can execute mysqladmin
flush-hosts
to reset the internal DNS cache. See section 7.5.5 How MySQL uses DNS.
Some permanent solutions are:
mysqld
with --skip-name-resolve
.
mysqld
with --skip-host-cache
.
localhost
if you are running the server and the client
on the same machine.
/etc/hosts
.
mysql -u root test
works but mysql -h your_hostname -u root
test
results in Access denied
, then you may not have the correct name
for your host in the user
table. A common problem here is that the
Host
value in the user table entry specifies an unqualified hostname,
but your system's name resolution routines return a fully qualified domain
name (or vice-versa). For example, if you have an entry with host
'tcx'
in the user
table, but your DNS tells MySQL that
your hostname is 'tcx.subnet.se'
, the entry will not work. Try adding
an entry to the user
table that contains the IP number of your host as
the Host
column value. (Alternatively, you could add an entry to the
user
table with a Host
value that contains a wildcard--for
example, 'tcx.%'
. However, use of hostnames ending with `%' is
insecure and is not recommended!)
mysql -u user_name test
works but mysql -u user_name
other_db_name
doesn't work, you don't have an entry for other_db_name
listed in the db
table.
mysql -u user_name db_name
works when executed on the server
machine, but mysql -h host_name -u user_name db_name
doesn't work when
executed on another client machine, you don't have the client machine listed
in the user
table or the db
table.
Access denied
, remove from the
user
table all entries that have Host
values containing
wildcards (entries that contain `%' or `_'). A very common error
is to insert a new entry with Host
='%'
and
User
='some user'
, thinking that this will allow you to specify
localhost
to connect from the same machine. The reason that this
doesn't work is that the default privileges include an entry with
Host
='localhost'
and User
="
. Because that entry
has a Host
value 'localhost'
that is more specific than
'%'
, it is used in preference to the new entry when connecting from
localhost
! The correct procedure is to insert a second entry with
Host
='localhost'
and User
='some_user'
, or to
remove the entry with Host
='localhost'
and
User
="
.
db
or
host
table:
Access to database denied |
If the entry selected from the db
table has an empty value in the
Host
column, make sure there are one or more corresponding entries in
the host
table specifying which hosts the db
table entry
applies to.
If you get the error when using the SQL commands SELECT ...
INTO OUTFILE
or LOAD DATA INFILE
, your entry in the user
table
probably doesn't have the FILE
privilege enabled.
Access denied
when you run a client without any options, make
sure you haven't specified an old password in any of your option files!
See section 4.3.2 Using Option Files.
INSERT
or
UPDATE
statement) and your changes seem to be ignored, remember
that you must issue a FLUSH PRIVILEGES
statement or execute a
mysqladmin flush-privileges
command to cause the server to re-read
the privilege tables. Otherwise, your changes have no effect until the
next time the server is restarted. Remember that after you set the
root
password with an UPDATE
command, you won't need to
specify it until after you flush the privileges, because the server
won't know you've changed the password yet!
mysql -u user_name db_name
or mysql
-u user_name -pyour_pass db_name
. If you are able to connect using the
mysql
client, there is a problem with your program and not with the
access privileges. (Note that there is no space between -p
and the
password; you can also use the --password=your_pass
syntax to specify
the password. If you use the -p
option alone, MySQL will
prompt you for the password.)
mysqld
daemon with the
--skip-grant-tables
option. Then you can change the MySQL
grant tables and use the mysqlaccess
script to check whether
your modifications have the desired effect. When you are satisfied with your
changes, execute mysqladmin flush-privileges
to tell the mysqld
server to start using the new grant tables. Note: Reloading the
grant tables overrides the --skip-grant-tables
option. This allows
you to tell the server to begin using the grant tables again without bringing
it down and restarting it.
mysqld
daemon with a debugging
option (for example, --debug=d,general,query
). This will print host and
user information about attempted connections, as well as information about
each command issued. See section D.1.2 Creating Trace Files.
mysqldump mysql
command. As always, post your problem using
the mysqlbug
script. See section 1.7.1.3 How to Report Bugs or Problems. In some cases you may need
to restart mysqld
with --skip-grant-tables
to run
mysqldump
.
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |