MySQL Root Password Reset and System Management Mechanisms in CentOS 7

Problem Background and Technical Challenges

When deploying MySQL services in CentOS 7 virtual environments, users frequently encounter issues logging in with the root account. Traditional solutions relied on the mysqld_safe --skip-grant-tables & command to start the service, but in modern system environments, this command returns mysqld_safe: command not found errors. This phenomenon reflects profound changes in Linux system service management mechanisms.

Evolution of System Service Management

CentOS 7 and subsequent versions fully adopt systemd as the default initialization system, directly impacting MySQL service startup and management. Compared to traditional SysV init systems, systemd provides more robust service dependency management, parallel startup capabilities, and unified service control interfaces.

In MySQL 5.7.6 and later versions, MySQL services installed via RPM packages default to systemd management. mysqld_safe as a traditional service wrapper has been removed because systemd inherently provides process monitoring and automatic restart functionality. This change demonstrates the trend of modern Linux distributions moving toward unified service management standards.

Technical Implementation of Password Reset

Environment Variable Configuration Method

Configuring MySQL startup parameters through systemd environment variables represents best practices:

sudo systemctl set-environment MYSQLD_OPTS="--skip-grant-tables"

This approach avoids potential risks associated with direct configuration file modifications while ensuring temporary and reversible configuration.

Complete Password Reset Procedure

1. Stop MySQL Service: sudo systemctl stop mysqld
2. Set Temporary Environment Variables: sudo systemctl set-environment MYSQLD_OPTS="--skip-grant-tables"
3. Start Service: sudo systemctl start mysqld
4. Password-less Login: mysql -u root
5. Update Password: For MySQL 5.7.6+ versions, use: ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewPassword123!'
6. Refresh Privileges: FLUSH PRIVILEGES
7. Clean Environment: sudo systemctl unset-environment MYSQLD_OPTS
8. Normal Restart: sudo systemctl restart mysqld

Security Enhancement and Best Practices

Modern MySQL versions introduce the validate_password plugin, enforcing password complexity policies. When resetting passwords, it's recommended to use combinations containing uppercase and lowercase letters, numbers, and special characters to ensure compliance with security requirements.

The mysql_secure_installation tool can further harden MySQL installations: removing anonymous users, prohibiting remote root login, deleting test databases, etc. These measures collectively build a multi-layered security protection system.

In-depth Technical Architecture Analysis

MySQL 5.7 underwent significant restructuring of the user authentication system:

• The authentication_string field replaced the traditional password field
• More powerful password hashing algorithms were introduced
• Performance and security of privilege verification mechanisms were improved

These changes require administrators to update their operational habits and adopt new SQL statements for user management operations. Understanding these underlying changes is crucial for effectively resolving authentication issues.

Troubleshooting and Diagnostics

When encountering login problems, first check the MySQL error log:

sudo tail -f /var/log/mysqld.log

Temporary passwords are typically generated after initial installation and recorded in log files:

grep 'temporary password' /var/log/mysqld.log

System resource limitations, SELinux policies, or firewall configurations may also affect MySQL normal operation, requiring comprehensive investigation.