Interesting problem where we got access denied errors when trying to grant privileges on MySQL server:
1 2 |
mysql> grant all privileges on *.* to 'root'@'1.1.1.1' identified by 'asdasdfasdf' with grant option; ERROR 1045 (28000): Access denied for user 'root'@'127.0.0.1' (using password: YES) |
But we’re logged in as root so it should work. Turns out the problem is the mysql database needs to be upgraded. Try this:
1 2 3 |
mysql> SHOW GRANTS FOR 'root'@'localhost'; | Grants for root@localhost | | GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*7C46059968B15C1068BCF97F1D1D8F6519E3533E' WITH GRANT OPTION | |
Notice that it lists the individual privileges instead of saying all privileges. Now upgrade the mysql database by running mysql_upgrade:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
[root@db01 ~]# mysql_upgrade Looking for 'mysql' as: mysql Looking for 'mysqlcheck' as: mysqlcheck Running 'mysqlcheck with default connection arguments Running 'mysqlcheck with default connection arguments mysql.columns_priv OK mysql.db OK mysql.event OK mysql.func OK mysql.general_log OK mysql.help_category OK mysql.help_keyword OK mysql.help_relation OK mysql.help_topic OK mysql.host OK mysql.ndb_binlog_index OK mysql.plugin OK mysql.proc OK mysql.procs_priv OK mysql.servers OK mysql.slow_log OK mysql.tables_priv OK mysql.time_zone OK mysql.time_zone_leap_second OK mysql.time_zone_name OK mysql.time_zone_transition OK mysql.time_zone_transition_type OK mysql.user OK Running 'mysql_fix_privilege_tables'... OK |
Next restart mysql server, login and try showing grants again:
1 2 3 4 |
SHOW GRANTS FOR 'root'@'localhost'; | Grants for root@localhost | | GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'asdfas' WITH GRANT OPTION | | GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION | |
Notice now that it shows “ALL PRIVILEGES” and your grant statements will work.