You may have MySQL running somewhere in your data center. If that’s the case, there might be a time when you need to set or change the root user password. This can happen when you’ve forgotten the password, or when you’re looking up your security game after remembering you set the original MySQL password to something far too simple.
The process is handled entirely through the command line and works with either MySQL or MariaDB installations. The Linux distribution used doesn’t matter as long as you have admin access by way of su
or sudo
.
SEE: A fast and furious guide to MySQL database engines
How to set MySQL password for the first time
Please note, that I will refer to MySQL with the idea that everything will work for both MySQL and MariaDB.
Typically, during the installation of MySQL and MariaDB, you are asked to set an initial password. If that didn’t happen, you will need to set a password for the first time. To do that, open up a terminal window and issue the following command:
mysqladmin -u root password NEWPASSWORD
In this case, NEWPASSWORD
is the placeholder password. Next, when you log into MySQL with the command mysql -u root -p
, you will be prompted to enter the newly configured password.
An alternative method for setting the root password for the first time — that adds a bit of security to your MySQL database — is to use the mysql_secure_connection
command. This command will set the root user password and allow you to remove anonymous users, disallow remote root login, and remove the test database. To use this command, simply type:
mysql_secure_connection
Answer the presented questions, and your password will be set, making your database a bit more secure.
SEE: Password Management Policy
How to change MySQL root user password
To reset the password for MySQL you first must create a new file with the following contents:
ALTER USER 'root'@'localhost' IDENTIFIED BY 'PASSWORD';
PASSWORD
is the new password to be used. Save that file as ~/mysql-pwd
.
Next, stop the MySQL daemon with the command:
sudo systemctl stop mysql
With the daemon stopped, issue the command:
sudo mysqld -init-file=~/mysql-pwd
Once your command prompt is returned, restart the MySQL daemon with the command:
sudo systemctl start mysql
You should now be able to log into the MySQL command prompt with the new admin password like so:
mysql -u root -p
When prompted, type the admin password, and you’re ready.
How to change MySQL user password
To change the password of a non-root user, once logged in, run the following query:
ALTER USER ‘username’@‘host’ IDENTIFIED BY ‘PASSWORD’;
Where username
is the MySQL username, host
is the host from which the user can connect, and PASSWORD
is the new password of choice.
Then apply the changes by running the command:
FLUSH PRIVILEGES;
How to recover your MySQL password
What if you’ve forgotten your MySQL root user password? To recover the password, you simply have to follow these steps:
- Stop the MySQL server process with the command
sudo service mysql stop
- Start the MySQL server with the command
sudo mysqld_safe –skip-grant-tables –skip-networking &
- Connect to the MySQL server as the root user with the command
mysql -u root
At this point, you need to issue the following MySQL commands to reset the root password:
mysql> use mysql;
mysql> update user set authentication_string=password('NEWPASSWORD') where user="root";
mysql> flush privileges;
mysql> quit
Where NEWPASSWORD
is the new password to be used.
Restart the MySQL daemon with the command sudo service mysql restart
. You should now be able to log into MySQL with the new password.
And that’s it. You can now set, reset, and recover your MySQL password.
SEE: How to Query Multiple Tables in SQL
How to show MySQL users and passwords
Occasionally, you may want to generate a list of MySQL users and passwords to, say, audit or backup credentials. You can do this by querying the mysql.user
table, but note that passwords are stored in a hashed format, so they cannot be retrieved directly in plaintext.
Run the following query to retrieve the user and password columns:
SELECT User, Host, authentication_string FROM mysql.user;
Where User
is the MySQL username, Host
is the host from which the user can connect, such as localhost
, and authentication_string
is the hashed password.
Set a difficult password for your MySQL root user
I want to remind you how important it is to set a difficult password for the MySQL root user. Given the current state of attacks across the landscape of IT, I highly recommend you use strong passwords for your databases. Instead of using an easily memorized password, use a random password generator and store that in a password manager. Be safer than safe.
Fiona Jackson updated this article in January 2025.
Read the full article here