A user should be able to change his/her own password strictly using SET PASSWORD.
For a connected user to set the new password to mynewpass
, just run the following:
mysql> SET PASSWORD = PASSWORD('mynewpass');
According to the MySQL Documentation on SET PASSWORD, if the server is a read-only enabled server, you need SUPER privilege to do this. Otherwise, you can do this any time. There is no need for another user to set someone else's password. If you need a super user to set it you can still use SET PASSWORD.
To set the password of 'someuser'@'10.1.2.30'
to hisnewpass
, run this:
mysql> SET PASSWORD FOR 'someuser'@'10.1.2.30' = PASSWORD('hisnewpass');
According to the MySQL Documentation on SET PASSWORD, this is the equivalent of:
UPDATE mysql.user SET Password=PASSWORD('hisnewpass')
WHERE User='someuser' AND Host='10.1.2.30';
FLUSH PRIVILEGES;
Using SET PASSWORD does not warrant manipulating mysql.user
.
Here is a more secure way to reset password without skip-grant-tables
Suppose you want root to have myn3wp@ssw0rd
as the password
Step 01 : Create a script to execute when mysqld first start up
Create a file called /var/lib/mysql/init-file.sql
with these two lines
GRANT ALL PRIVILEGES ON *.* to root@localhost
IDENTIFIED BY 'myn3wp@ssw0rd' WITH GRANT OPTION;
Step 02 : Run these three(3) lines in the OS
chown mysql:mysql /var/lib/mysql/init-file.sql
service mysql restart --init-file=/var/lib/mysql/init-file.sql
rm -f /var/lib/mysql/init-file.sql
Step 03 : THERE IS NO STEP 03
. YOU ARE DONE !!!
Give it a Try !!!
CAVEAT
UPDATE 2013-06-17 07:05 EDT
OK Since mysqld for Ubuntu does not like init-file on the command, you must edit the my.cnf
. Please do these next two steps
STEP 01) Add these lines to my.cnf
under the [mysqld]
group header
[mysqld]
init-file=/var/lib/mysql/init-file.sql
STEP 02) Allow mysql to read files from /etc/mysql
sudo vim /etc/apparmor.d/usr.sbin.mysqld
Add the line:
/etc/mysql/*.sql r,
STEP 03) Restart MySQL
This should work for you. Give it a Try !!!
Best Answer
One way to achieve this could be by using pluggable authentication. This way the password is stored externally and therefore can't be changed from within mysql. This allows you to use PAM, LDAP or other authentication services.
For PAM, assuming you have configured PAM already in your OS (assuming Linux below), then in MySQL do:
... where
AS 'mysql'
refers to a file/etc/pam.d/mysql
.If the user then tries to set their password (I've tested this only on MariaDB with the unix_socket plugin):
... that query will "work", however it gives a warning: