MySQL – Access Denied On Grants

By leerb on December 6, 2013 in MySQL

Interesting problem where we got access denied errors when trying to grant privileges on MySQL server:

mysql> grant all privileges on *.* to 'root'@'1.1.1.1' identified by 'asdasdfasdf' with grant option;
ERROR 1045 (28000): Access denied for user 'root'@'127.0.0.1' (using password: YES)

1 2	mysql> grant all privileges on . to 'root'@'1.1.1.1' identified by 'asdasdfasdf' with grant option; ERROR 1045 (28000): Access denied for user 'root'@'127.0.0.1' (using password: YES)

But we’re logged in as root so it should work. Turns out the problem is the mysql database needs to be upgraded. Try this:

mysql> SHOW GRANTS FOR 'root'@'localhost';
| Grants for root@localhost |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*7C46059968B15C1068BCF97F1D1D8F6519E3533E' WITH GRANT OPTION |

mysql> SHOW GRANTS FOR 'root'@'localhost';

| Grants for root@localhost |

| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*7C46059968B15C1068BCF97F1D1D8F6519E3533E' WITH GRANT OPTION |

Notice that it lists the individual privileges instead of saying all privileges. Now upgrade the mysql database by running mysql_upgrade:

[root@db01 ~]# mysql_upgrade
Looking for 'mysql' as: mysql
Looking for 'mysqlcheck' as: mysqlcheck
Running 'mysqlcheck with default connection arguments
Running 'mysqlcheck with default connection arguments
mysql.columns_priv OK
mysql.db OK
mysql.event OK
mysql.func OK
mysql.general_log OK
mysql.help_category OK
mysql.help_keyword OK
mysql.help_relation OK
mysql.help_topic OK
mysql.host OK
mysql.ndb_binlog_index OK
mysql.plugin OK
mysql.proc OK
mysql.procs_priv OK
mysql.servers OK
mysql.slow_log OK
mysql.tables_priv OK
mysql.time_zone OK
mysql.time_zone_leap_second OK
mysql.time_zone_name OK
mysql.time_zone_transition OK
mysql.time_zone_transition_type OK
mysql.user OK
Running 'mysql_fix_privilege_tables'...
OK

[root@db01 ~]# mysql_upgrade

Looking for 'mysql' as: mysql

Looking for 'mysqlcheck' as: mysqlcheck

Running 'mysqlcheck with default connection arguments

mysql.columns_priv OK

mysql.db OK

mysql.event OK

mysql.func OK

mysql.general_log OK

mysql.help_category OK

mysql.help_keyword OK

mysql.help_relation OK

mysql.help_topic OK

mysql.host OK

mysql.ndb_binlog_index OK

mysql.plugin OK

mysql.proc OK

mysql.procs_priv OK

mysql.servers OK

mysql.slow_log OK

mysql.tables_priv OK

mysql.time_zone OK

mysql.time_zone_leap_second OK

mysql.time_zone_name OK

mysql.time_zone_transition OK

mysql.time_zone_transition_type OK

mysql.user OK

Running 'mysql_fix_privilege_tables'...

Next restart mysql server, login and try showing grants again:

SHOW GRANTS FOR 'root'@'localhost';
| Grants for root@localhost |
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'asdfas' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |

SHOW GRANTS FOR 'root'@'localhost';

| Grants for root@localhost |

| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'asdfas' WITH GRANT OPTION |

| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |

Notice now that it shows “ALL PRIVILEGES” and your grant statements will work.

Top Nav

Navigation

MySQL – Access Denied On Grants