Ubuntu安裝MySQL成功後，普通用戶無權訪問：ERROR 1045 (28000): Access denied

Ubuntu安裝Mysql很簡單，但是也會遇到一些問題。

我的Ubuntu版本是18.04.1，安裝mysql版本是5.7。

Ubuntu安裝MySQL的步驟如下：

1. sudo apt-get install mysql-server

2. apt-get install mysql-client

3.  sudo apt-get install libmysqlclient-dev

安裝以後，通過mysql --version命令查看版本信息：

mysql  Ver 14.14 Distrib 5.7.26, for Linux (x86_64) using  EditLine wrapper

mysql是安裝成功了，但是直接輸入mysql，卻顯示沒有權限：

ERROR 1045 (28000): Access denied for user 'qingyuan'@'localhost' (using password: NO)

根據網上的建議，查看mysql到底有沒有啓動：

sudo netstat -tap |grep mysql

輸出顯示是成功的：

tcp        0      0 localhost:mysql         0.0.0.0:*               LISTEN      4892/mysqld   

繼續跟隨網上建議，關閉mysql，然後重啓

systemctl restart mysqld

輸出如下：

Failed to start mysqld.service: Unit mysqld.service not found.

輸出顯示：沒有mysqld.service這個單元。

輸入mysqld命令，輸出如下：

mysqld: Can't change dir to '/var/lib/mysql/' (Errcode: 13 - Permission denied)
2019-07-01T13:44:44.228936Z 0 [Warning] Changed limits: max_open_files: 1024 (requested 5000)
2019-07-01T13:44:44.229209Z 0 [Warning] Changed limits: table_open_cache: 431 (requested 2000)
2019-07-01T13:44:44.479228Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2019-07-01T13:44:44.596275Z 0 [Warning] Can't create test file /var/lib/mysql/ubuntu.lower-test
2019-07-01T13:44:44.597278Z 0 [Note] mysqld (mysqld 5.7.26-0ubuntu0.18.04.1) starting as process 3561 ...
2019-07-01T13:44:44.905374Z 0 [Warning] Can't create test file /var/lib/mysql/ubuntu.lower-test
2019-07-01T13:44:44.905433Z 0 [Warning] Can't create test file /var/lib/mysql/ubuntu.lower-test
2019-07-01T13:44:44.936710Z 0 [Warning] One can only use the --user switch if running as root

2019-07-01T13:44:44.937074Z 0 [ERROR] failed to set datadir to /var/lib/mysql/
2019-07-01T13:44:44.937156Z 0 [ERROR] Aborting

2019-07-01T13:44:44.939133Z 0 [Note] Binlog end
2019-07-01T13:44:44.958845Z 0 [Note] mysqld: Shutdown complete

但是，切換到root後，卻可以直接訪問mysql了

這到底是爲什麼？

這得從Ubuntu下安裝高版本的MySql有關。在Ubuntu上安裝MySQL時，對於root用戶，可以設置空密碼。

輸入如下指令查看mysql賬戶信息：

SELECT User, Host, HEX(authentication_string) FROM mysql.user;

輸出爲： 

+------------------+-----------+------------------------------------------------------------------------------------+
| User             | Host      | HEX(authentication_string)                                                         |
+------------------+-----------+------------------------------------------------------------------------------------+
| root             | localhost |                                                                                    |
| mysql.session    | localhost | 2A5448495349534E4F544156414C494450415353574F52445448415443414E42455553454448455245 |
| mysql.sys        | localhost | 2A5448495349534E4F544156414C494450415353574F52445448415443414E42455553454448455245 |
| debian-sys-maint | localhost | 2A33383636414146424141463045393833383341423435353142373433363739333531383934423043 |
+------------------+-----------+------------------------------------------------------------------------------------+

我們看到，root的密碼確實爲空。

試着改變root的密碼，輸入如下指令：

ALTER USER 'root'@'localhost' IDENTIFIED BY 'test';

輸出爲：

Query OK, 0 rows affected (0.00 sec)

然後發現，root的密碼仍然爲空，繼續嘗試：

SET PASSWORD FOR 'root'@'localhost' = PASSWORD('test');

輸出：

Query OK, 0 rows affected, 2 warnings (0.02 sec)

仍然沒有成功，並且有兩個警告。我們看看警告是什麼：

show warnings;

輸出：

+---------+------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Level   | Code | Message                                                                                                                                                                                 |
+---------+------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Warning | 1287 | 'SET PASSWORD FOR <user> = PASSWORD('<plaintext_password>')' is deprecated and will be removed in a future release. Please use SET PASSWORD FOR <user> = '<plaintext_password>' instead |
| Note    | 1699 | SET PASSWORD has no significance for user 'root'@'localhost' as authentication plugin does not support it.                                                                              |
+---------+------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.04 sec)

輸出顯示當前使用的授權插件不支持修改密碼，那我們看一下當前的授權插件是什麼：

SELECT user, plugin FROM mysql.user;

輸出：

+------------------+-----------------------+
| user             | plugin                |
+------------------+-----------------------+
| root             | auth_socket           |
| mysql.session    | mysql_native_password |
| mysql.sys        | mysql_native_password |
| debian-sys-maint | mysql_native_password |
+------------------+-----------------------+

我們看到，root採用的是授權插件是auth_socket，也即通過套接字進行鑑權。如果你安裝的版本是5.7，並且沒有爲root用戶提供密碼（安裝時並不需要），那麼就會使用auth_socket插件，這個插件不關心也不需要密碼，它只是通過UNIX套接字的用戶名進行驗證，如果驗證通過，那麼就鑑權成功。這就是root用戶可以正常使用mysql的原因，因爲root用戶在mysql的user表中。

如果我們想配置密碼，那麼就需要同時改變插件並且設置密碼。如果是先改變插件，然後設置密碼就會不起作用。插件也會回滾到auth_socket。

輸入如下命令：

update mysql.user set authentication_string=PASSWORD('123456'), plugin='mysql_native_password' where user='root';

輸出如下：

Query OK, 1 row affected, 1 warning (0.09 sec)
Rows matched: 1  Changed: 1  Warnings: 1

 查看操作後的用戶信息

mysql> SELECT User, Host, HEX(authentication_string) ,plugin FROM mysql.user;
+------------------+-----------+------------------------------------------------------------------------------------+-----------------------+
| User             | Host      | HEX(authentication_string)                                                         | plugin                |
+------------------+-----------+------------------------------------------------------------------------------------+-----------------------+
| root             | localhost | 2A36424234383337454237343332393130354545343536384444413744433637454432434132414439 | mysql_native_password |
| mysql.session    | localhost | 2A5448495349534E4F544156414C494450415353574F52445448415443414E42455553454448455245 | mysql_native_password |
| mysql.sys        | localhost | 2A5448495349534E4F544156414C494450415353574F52445448415443414E42455553454448455245 | mysql_native_password |
| debian-sys-maint | localhost | 2A33383636414146424141463045393833383341423435353142373433363739333531383934423043 | mysql_native_password |
+------------------+-----------+------------------------------------------------------------------------------------+-----------------------+

此時root用戶確實有了密碼 。我們查看一下warning是什麼：

mysql> show warnings;
+---------+------+-------------------------------------------------------------------+
| Level   | Code | Message                                                           |
+---------+------+-------------------------------------------------------------------+
| Warning | 1681 | 'PASSWORD' is deprecated and will be removed in a future release. |
+---------+------+-------------------------------------------------------------------+
1 row in set (0.00 sec)

警告顯示，PASSWORD被廢棄並且在未來版本中要被移除。可以通過如下命令

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '123456';

退出mysql，重啓mysql，退出root用戶，切換到普通用戶，用設置的密碼123456，root用戶登錄mysql。

mysql -u root -p

然後輸入密碼：123456，登錄成功：

qingyuan@ubuntu:~$ mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.26-0ubuntu0.18.04.1 (Ubuntu)

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

掃描二維碼，關注“清遠的夢囈”公衆號，在手機端查看文章

參考資料

1. Ubuntu18.04安裝MySQL後普通用戶無法登錄

2. Change user password in MySQL 5.7 with “plugin: auth_socket”