Tutorial

How To Reset Your MySQL or MariaDB Root Password on Ubuntu 20.04

Updated on December 21, 2021

Software Engineer, CTO @Makimo

How To Reset Your MySQL or MariaDB Root Password on Ubuntu 20.04
Not using Ubuntu 20.04?Choose a different version or distribution.
Ubuntu 20.04

The author selected the COVID-19 Relief Fund to receive a donation as part of the Write for DOnations program.

Introduction

Forgot your database password? It happens to the best of us. If you’ve forgotten or lost the root password to your MySQL or MariaDB database, you can still gain access and reset the password if you have access to the server and a user account with sudo privileges.

This tutorial demonstrates how to reset the root password for MySQL and MariaDB databases installed with the apt package manager on Ubuntu 20.04. The procedure for changing the root password differs depending on whether you have MySQL or MariaDB installed and the default systemd configuration that ships with the distribution or packages from other vendors. While the instructions in this tutorial may work with other system or database server versions, they have been tested with Ubuntu 20.04 and distribution-supplied packages.

Note: On fresh Ubuntu 20.04 installations, the default MySQL or MariaDB configuration usually allows you to access the database (with full administrative privileges) without providing a password as long as you make the connection from the system’s root account. In this scenario, it may not be necessary to reset the password. Before you proceed with resetting your database root password, try to access the database with the sudo mysql command. Only if the default configuration for authentication was altered, and this results in an access denied error, follow the steps in this tutorial.

Prerequisites

To recover your MySQL or MariaDB root password, you will need:

Note: Both database installation guides retain the default configuration for the database root account where a password is not needed to authenticate, as long as you can access the system’s root account. You can still follow this guide to set and verify a new password.

Step 1 — Identifying the Database Version and Stopping the Server

Ubuntu 20.04 runs either MySQL or MariaDB—a popular drop-in replacement that is fully compatible with MySQL. You’ll need to use different commands to recover the root password depending on which of these you have installed, so follow the steps in this section to determine which database server you’re running.

Check your version with the following command:

  1. mysql --version

If you’re running MariaDB, you’ll see “MariaDB” preceded by the version number in the output:

MariaDB output
mysql Ver 15.1 Distrib 10.3.25-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

You’ll see output like this if you’re running MySQL:

MySQL output
mysql Ver 8.0.22-0ubuntu0.20.04.3 for Linux on x86_64 ((Ubuntu))

Note the database you are running. This will determine the appropriate commands to follow in the rest of this tutorial.

In order to change the root password, you’ll need to shut down the database server. If you’re running MariaDB, you can do so with the following command:

  1. sudo systemctl stop mariadb

For MySQL, shut down the database server by running:

  1. sudo systemctl stop mysql

With the database stopped, you can restart it in safe mode to reset the root password.

Step 2 — Restarting the Database Server Without Permission Checks

Running MySQL and MariaDB without permission checking allows accessing the database command line with root privileges without providing a valid password. To do this, you need to stop the database from loading the grant tables, which store user privilege information. Since this is a bit of a security risk, you may also want to disable networking to prevent other clients from connecting to the temporarily vulnerable server.

Depending on which database server you’ve installed, the way of starting the server without loading the grant tables differs.

Configuring MariaDB to Start Without Grant Tables

In order to start the MariaDB server without the grant tables, we’ll use the systemd unit file to set additional parameters for the MariaDB server daemon.

Execute the following command, which sets the MYSQLD_OPTS environment variable used by MariaDB upon startup. The --skip-grant-tables and --skip-networking options tell MariaDB to start up without loading the grant tables or networking features:

  1. sudo systemctl set-environment MYSQLD_OPTS="--skip-grant-tables --skip-networking"

Then start the MariaDB server:

  1. sudo systemctl start mariadb

This command won’t produce any output, but it will restart the database server, taking into account the new environment variable settings.

You can ensure it started with sudo systemctl status mariadb.

Now you should be able to connect to the database as the MariaDB root user without supplying a password:

  1. sudo mysql -u root

You’ll immediately see a database shell prompt:

Now that you have access to the database server, you can change the root password as shown in Step 3.

Configuring MySQL to Start Without Grant Tables

In order to start the MySQL server without its grant tables, you’ll alter the systemd configuration for MySQL to pass additional command-line parameters to the server upon startup.

To do this, execute the following command:

  1. sudo systemctl edit mysql

This command will open a new file in the nano editor, which you’ll use to edit MySQL’s service overrides. These change the default service parameters for MySQL.

This file will be empty. Add the following content:

MySQL service overrides
[Service]
ExecStart=
ExecStart=/usr/sbin/mysqld --skip-grant-tables --skip-networking

The first ExecStart statement clears the default value, while the second one provides systemd with the new startup command, including parameters to disable loading the grant tables and networking capabilities.

Press CTRL-x to exit the file, then Y to save the changes that you made, then ENTER to confirm the file name.

Reload the systemd configuration to apply these changes:

  1. sudo systemctl daemon-reload

Now start the MySQL server:

  1. sudo systemctl start mysql

The command will show no output, but the database server will start. The grant tables and networking will not be enabled.

Connect to the database as the root user:

  1. sudo mysql -u root

You’ll immediately see a database shell prompt:

Now that you have access to the server, you can change the root password.

Step 3 — Changing the Root Password

The database server is now running in a limited mode; the grant tables are not loaded, and there’s no networking support enabled. This lets you access the server without providing a password, but it prohibits you from executing commands that alter data. To reset the root password, you must load the grant tables now that you’ve gained access to the server.

Tell the database server to reload the grant tables by issuing the FLUSH PRIVILEGES command:

  1. FLUSH PRIVILEGES;

You can now change the root password. The method you use depends on whether you are using MariaDB or MySQL.

Changing the MariaDB Password

If you are using MariaDB, execute the following statement to set the password for the root account, making sure to replace new_password with a strong new password that you’ll remember:

  1. ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password';

You’ll see this output indicating that the password changed:

Output
Query OK, 0 rows affected (0.001 sec)

MariaDB allows using custom authentication mechanisms, so execute the following two statements to make sure MariaDB will use its default authentication mechanism for the new password you assigned to the root account:

  1. UPDATE mysql.user SET authentication_string = '' WHERE user = 'root';
  2. UPDATE mysql.user SET plugin = '' WHERE user = 'root';

You’ll see the following output for each statement:

Output
Query OK, 0 rows affected (0.01 sec)

The password is now changed. Type exit to exit the MariaDB console and proceed to Step 4 to restart the database server in normal mode.

Changing the MySQL Password

For MySQL, execute the following statement to change the root user’s password, replacing new_password with a strong password you’ll remember. MySQL allows using custom authentication mechanisms, so the following statement also makes sure that MySQL will use its default authentication mechanism to authenticate the root user using the new password:

  1. ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'new_password';

You’ll see this output indicating the password was changed successfully:

Output
Query OK, 0 rows affected (0.01 sec)

The password is now changed. Exit the MySQL console by typing exit.

Let’s restart the database in normal operational mode.

Step 4 — Reverting Your Database Server to Normal Settings

In order to restart the database server in its normal mode, you have to revert the changes you made so that networking is enabled and the grant tables are loaded. Again, the method you use depends on whether you used MariaDB or MySQL.

For MariaDB, unset the MYSQLD_OPTS environment variable you set previously:

  1. sudo systemctl unset-environment MYSQLD_OPTS

Then, restart the service using systemctl:

  1. sudo systemctl restart mariadb

For MySQL, remove the modified systemd configuration:

  1. sudo systemctl revert mysql

You’ll see output similar to the following:

Output
Removed /etc/systemd/system/mysql.service.d/override.conf. Removed /etc/systemd/system/mysql.service.d.

Then, reload the systemd configuration to apply the changes:

  1. sudo systemctl daemon-reload

Finally, restart the service:

  1. sudo systemctl restart mysql

The database is now restarted and is back to its normal state. Confirm that the new password works by logging in as the root user with a password:

  1. mysql -u root -p

You’ll be prompted for a password. Enter your new password, and you’ll gain access to the database prompt as expected.

Conclusion

You have restored administrative access to the MySQL or MariaDB server. Make sure the new password you chose is strong and secure, and keep it in a safe place.

For more information on user management, authentication mechanisms, or ways of resetting database passwords for other versions of MySQL or MariaDB, please refer to the official MySQL documentation or MariaDB documentation.

Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.

Learn more about our products

About the authors
Default avatar

Software Engineer, CTO @Makimo

Creating bespoke software ◦ CTO & co-founder at Makimo. I’m a software enginner & a geek. I like making impossible things possible. And I need tea.

Still looking for an answer?

Ask a questionSearch for more help

Was this helpful?
 
4 Comments


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Excellent.

# sudo systemctl edit mysql

After insert section [Service]… and Ctrl+X, Y message:

Editing “/etc/systemd/system/mysql.service.d/override.conf” canceled: temporary file is empty.

Ubuntu 20.04, mysql 8.0.35

can you please make this little bit easier I mean to say that gui based

Great tutorial! Thanks so much! The only improvement I’d suggest is using headers to divide the steps into subsections for MariaDB and MySQL. Otherwise, it’s very helpful!

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Join the Tech Talk
Success! Thank you! Please check your email for further details.

Please complete your information!

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.