1698 database auth_error ai_generated true

ERROR 1698 (28000): Access denied for user 'root'@'localhost'

ID: database/mysql-access-denied-for-root

Fix Rate: 85%
Confidence: 90%
Evidence: 1
First Seen: 2023-02-14

Version Compatibility

| Version | Status | Introduced | Deprecated | Notes |
| --- | --- | --- | --- | --- |
| MySQL 8.0.33 | active | | | |
| MySQL 8.0.35 | active | | | |
| MariaDB 10.11.6 | active | | | |

Root Cause

MySQL's 'root' user is configured to authenticate via 'auth_socket' or 'unix_socket' plugin, which requires the client to connect from the system root user via Unix socket, not with a password.
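The socket-plugin check described above can be modelled in a few lines. This is an added example, not MySQL's own code or code from the original page: a toy server end reads the connecting process's OS user from the Unix socket with `SO_PEERCRED` (the mechanism the MySQL manual documents for `auth_socket`) and compares it to the requested account name, never looking at a password. It assumes Linux; the function names `os_user_name`, `peer_os_user`, `socket_auth` and `demo` are hypothetical.

```python
import os
import pwd
import socket
import struct

UCRED = struct.Struct("iII")  # Linux struct ucred: pid, uid, gid


def os_user_name(uid):
    """Map a numeric uid to a login name; fall back to the number if unmapped."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def peer_os_user(conn):
    """Ask the kernel which OS user owns the other end of a Unix socket."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    _pid, uid, _gid = UCRED.unpack(raw)
    return os_user_name(uid)


def socket_auth(conn, account, password=None):
    """Toy model of the socket-plugin decision; the password is never consulted."""
    os_user = peer_os_user(conn)
    if os_user == account:
        return True, f"OS user '{os_user}' accepted as '{account}'@'localhost'"
    return False, f"ERROR 1698 (28000): Access denied for user '{account}'@'localhost'"


def demo(account, password=None):
    """Create a Unix socket pair in this process and authenticate over it."""
    server_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        return socket_auth(server_end, account, password)
    finally:
        server_end.close()
        client_end.close()


if __name__ == "__main__":
    me = os_user_name(os.getuid())
    print(demo(me))                        # account name equals OS user: accepted
    print(demo("root", "any-password"))    # denied unless this process runs as root
```

Running it as an ordinary user shows why `mysql -u root -p` fails whatever password is typed, and why the same client started under `sudo` is accepted.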


Official Documentation

https://dev.mysql.com/doc/refman/8.0/en/access-denied.html

Workarounds

  1. (90% success) Connect using sudo: `sudo mysql -u root`. Then change the authentication plugin: `ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'new_password'; FLUSH PRIVILEGES;`
  2. (85% success) Create a new admin user with mysql_native_password: `CREATE USER 'admin'@'localhost' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION; FLUSH PRIVILEGES;`

Dead Ends

Common approaches that don't work:

  1. 90% fail

    The command itself fails with the same error because it cannot authenticate as root without the socket plugin.

  2. 50% fail

    This disables all authentication, creating a severe security risk. It should only be used temporarily for recovery.