Keywords: MySQL | ERROR 1045 | Access Denied | root password | Ubuntu
Abstract: This paper provides an in-depth technical analysis of MySQL ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES), focusing on MySQL 5.5 installation and configuration in Ubuntu environments. The research examines default password mechanisms, authentication workflows, and privilege management principles. By comparing password strategies across different MySQL versions, the paper presents a complete solution set ranging from simple login attempts to complex password resets, including mysqladmin password modification, safe mode password recovery, and temporary password retrieval methods, enabling comprehensive understanding and resolution of MySQL access privilege issues.
Problem Context and Environment Configuration
When installing MySQL database on Ubuntu operating systems, users frequently encounter the classic ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES). This error typically occurs during initial attempts to access the database using the root user after fresh MySQL installation, indicating that the system has rejected the user's access request.
Deep Analysis of Error Causes
Through extensive research on MySQL 5.5 default configurations, this study reveals that this version does not set an initial password for the root user during installation, instead employing an empty password mechanism. When users attempt login using the mysql -uroot -proot command, the system verifies whether the provided password "root" matches the stored password information in the database. Since the actual stored password is an empty string, password verification fails, resulting in access denial.
MySQL's authentication system relies on user credential information in the mysql.user table, including username, hostname, and password hash. When a client initiates a connection request, the MySQL server queries this table for authentication. In MySQL 5.5, the newly installed root@localhost account typically has an empty authentication_string field or contains specific placeholder values.
Core Solution Implementation
Based on MySQL 5.5's default configuration characteristics, the most direct solution involves using empty password login:
mysql -u rootThis command omits the password parameter, preventing the MySQL client from sending password information to the server. Upon receiving the connection request, the server checks the password setting for the root@localhost account in mysql.user table. Since the password field is empty, the system permits passwordless login, successfully establishing database connection.
After successful login, immediate root password configuration is essential for database security:
mysqladmin -u root password 'new_secure_password'This command sends a password modification request to the MySQL server through the mysqladmin utility. The system updates the password hash for the root@localhost account in mysql.user table, employing MySQL's built-in PASSWORD() function for encrypted storage of plaintext passwords.
Extended Solution Comparison
For more complex scenarios such as forgotten passwords or configuration errors, safe mode reset methods can be employed. First, stop the MySQL service:
sudo systemctl stop mysqlThen start MySQL with privilege checking disabled:
sudo mysqld_safe --skip-grant-tables --skip-networking &This startup method bypasses normal authentication workflows, allowing any user to connect to the database without passwords. After establishing connection, direct user password updates can be performed:
mysql -u root
UPDATE mysql.user SET authentication_string=PASSWORD('new_password') WHERE User='root' AND Host='localhost';
FLUSH PRIVILEGES;The FLUSH PRIVILEGES command forces the MySQL server to reload privilege tables, ensuring immediate effect of password modifications.
Version Differences and Compatibility Considerations
Significant differences exist in password management mechanisms across different MySQL versions. MySQL 5.7 and later versions introduce stricter security policies, including generation of temporary random passwords and mandatory password complexity requirements. For these versions, examination of error logs is necessary to retrieve temporary passwords:
sudo grep 'temporary password' /var/log/mysqld.logSubsequently, use the ALTER USER statement to modify passwords:
ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_secure_password';Security Best Practices
After resolving access privilege issues, adherence to database security best practices is crucial: create dedicated application user accounts, restrict remote access for root accounts, regularly update passwords, and enable audit logging functionality. These measures effectively reduce security risks and ensure stable operation of database systems.