Recover MySQL Root Password without Restarting MySQL (No Downtime!)
Join the DZone community and get the full member experience.
Join For FreeOriginally Written by Daniel Guzmán Burgos
Disclaimer: Do this at your own risk! It doesn’t apply if you’re using Pluggable authentication and certainly won’t be usable if/when MySQL system tables are stored on InnoDB

Recover your root password with care!
What is the situation?
The situation is the classic “need to recover MySQL root password” but you cannot restart MySQL (because it is the master production server, or any other reason), which makes the –skip-grant-tables solution as a no-no possibility.
What can I do?
There is a workaround, which is the following:
- Launch another instance of mysqld, a small one (without innodb).
- Copy your user.[frm|MYD|MYI] files from the original datadir to the datadir of the new instance.
- Modify them and then copy them back to the original location.
That simple? No, but close. Here is the step by step:
Step by step recovery
- Create
a new datadir and run mysql_install_db for the new datadir. This one
will be removed at the end. Don’t forget to change ownership to mysql
user and group:
[root@machina dbdata]# mkdir datadir [root@machina dbdata]# chown -R mysql:mysql datadir/ [root@machina dbdata]# mysql_install_db --datadir=/dbdata/datadir/ --user=mysql Installing MySQL system tables...OK Filling help tables...OK
- Launch
the new instance. Be careful with the datadir path, the socket file and
the port number. Also, disable InnoDB, you won’t need it, just add –skip-innodb AND –default-storage-engine=myisam:
[root@machina datadir]# /usr/sbin/mysqld --basedir=/usr --datadir=/dbdata/datadir --plugin-dir=/usr/lib/mysql/plugin --skip-innodb --default-storage-engine=myisam --socket=/var/run/mysqld/mysql2.sock --port=3307 --user=mysql --log-error=/dblogs/log/error2.log --pid-file=/dbdata/data/mysql.pid &
- Copy
the user.* files from the original mysql instance (the ones that you
need to modify) to the new instance’s datadir and login to this instance
of mysql:
[root@machina ~]# cp /dbdata/data/mysql/user.* /dbdata/datadir/mysql/cp: overwrite `/dbdata/datadir/mysql/user.frm'? y cp: overwrite `/dbdata/datadir/mysql/user.MYD'? y cp: overwrite `/dbdata/datadir/mysql/user.MYI'? y [root@machina datadir]# mysql --socket=/var/run/mysqld/mysql2.sock -p Enter password: Welcome to the MySQL monitor. Commands end with ; or g.
- Execute a “flush tables” command, so the user table will be “reopened” and you can see the data and verify:
mysql2> flush tables; mysql2> select user, host, password from user where user like 'root'; +------+--------------------------------------+------------------------------------------+ | user | host | password | +------+--------------------------------------+------------------------------------------+ | root | localhost | 696D727429CC43695423FA5F2F0155D92A0AAC08 | | root | 127.0.0.1 | 696D727429CC43695423FA5F2F0155D92A0AAC08 | | root | % | 696D727429CC43695423FA5F2F0155D92A0AAC08 | +------+--------------------------------------+------------------------------------------+ 3 rows in set (0.00 sec)
- Now, update the password field with the desired value:
mysql2> update mysql.user set password='*696D727429CC43695423FA5F2F0155D92A0AAC08' where user like 'root'; Query OK, 3 rows affected (0.00 sec) Rows matched: 3 Changed: 3 Warnings: 0
- Verify again:
mysql2> select user, host, password from user where user like 'root'; +------+--------------------------------------+-------------------------------------------+ | user | host | password | +------+--------------------------------------+-------------------------------------------+ | root | localhost | *696D727429CC43695423FA5F2F0155D92A0AAC08 | | root | 127.0.0.1 | *696D727429CC43695423FA5F2F0155D92A0AAC08 | | root | % | *696D727429CC43695423FA5F2F0155D92A0AAC08 | +------+--------------------------------------+-------------------------------------------+ 3 rows in set (0.00 sec)
- Flush privileges and verify that the new password is correct, by logging in again:
mysql2> flush privileges; Query OK, 0 rows affected (0.00 sec)
- Now
that we have made the changes, we can move back the user.* files to the
original location, being extremely careful with owner and privileges:
[root@machina ~]# cd /dbdata/datadir/mysql/ [root@machina mysql]# cp user.* /dbdata/data/mysql/; chown mysql:mysql /dbdata/data/mysql/user.*; chmod 660 /dbdata/data/mysql/user.* cp: overwrite `/dbdata/data/mysql/user.frm'? y cp: overwrite `/dbdata/data/mysql/user.MYD'? y cp: overwrite `/dbdata/data/mysql/user.MYI'? y
- At this moment, you can shutdown the new mysql instance since is no longer needed. Be very very careful so you don’t end up shutting down your original mysqld!:
[root@machina datadir]# mysqladmin --socket=/var/run/mysqld/mysql2.sock -p shutdown Enter password: 141120 06:59:14 mysqld_safe mysqld from pid file /dbdata/data/mysql.pid ended
- Now,
the last step is to execute a “FLUSH PRIVILEGES” in the original
mysqld. Since we cannot yet access it, we need to send a SIGHUP signal
to mysqld. MySQL responds to this signal
by reloading the grant tables and flushing tables, logs, the thread
cache, and the host cache, so choose wisely the moment of the day when
you want to send the SIGHUP since the performance might be degraded
(look at “flush tables” ).The way to send SIGHUP is to execute “kill” command with the -1 flag:
[root@machina datadir]# kill -1 $(/sbin/pidof mysqld)
- Finally, login into MySQL as root!:You can see your schemas? of course you can! your databases are okay!
[root@machina datadir]# mysql -p Enter password: Welcome to the MySQL monitor. Commands end with ; or g. Your MySQL connection id is 101208 mysql1> select user, host, password from mysql.user where user like 'root'; +------+--------------------------------------+-------------------------------------------+ | user | host | password | +------+--------------------------------------+-------------------------------------------+ | root | localhost | *696D727429CC43695423FA5F2F0155D92A0AAC08 | | root | 127.0.0.1 | *696D727429CC43695423FA5F2F0155D92A0AAC08 | | root | % | *696D727429CC43695423FA5F2F0155D92A0AAC08 | +------+--------------------------------------+-------------------------------------------+ 3 rows in set (0.00 sec)
mysql1> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | percona | | testing | +--------------------+ 4 rows in set (0.03 sec)
We’ve successfully recovered the MySQL root password without the need to restart MySQL and thus avoid downtime.
I hope you never face this situation, but in case you do, there’s a workaround to recover your access! Is there another way to perform this?
Share it with the world!
Published at DZone with permission of Peter Zaitsev, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments