Download the PAM eBook PDF
Data breaches have cost companies across industries an average of $4.88 million this year. Luckily, effectively preventing them comes down to simply managing user credentials effectively. In fact, regularly updating user passwords can notably reduce the risk of unauthorized access and data theft. Ready to level up your cybersecurity game? Here’s a step-by-step guide on how to change a PostgreSQL user password, why it’s important, and the best practices for securing your database. Read on!
StrongDM manages and audits access to infrastructure.
- Role-based, attribute-based, & just-in-time access to infrastructure
- Connect any person or service to any infrastructure, anywhere
- Logging like you've never seen
MySQL is an open-source relational database, made famous by its ease-of-use and simple setup on modern Linux and Windows operating systems. On an unmodified MySQL install, the root user account does not have a password. This is extremely insecure!
As a systems administrator, we know that the easiest way to compromise a system is using the default unchanged password with admin privileges. To set the root password for the root account:
$ mysql -u root --skip-password
Assign a password with the following command:
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'PASSWORD_HERE';
Luckily, in most situations, operating system-specific installs of MySQL will be set to generate a random password for the root user when the database is started for the first time. Instead of setting the password, you’ll change it.
Different platforms (Windows, Linux, etc) will require slightly different methods for resetting the password.
Changing/Resetting the Root User’s Password on Linux
Log on to your system as the Unix user that the MySQL server runs as (for example, mysql). These will work on most Linux distributions (ubuntu, Debian, Fedora, etc).
Step 1
Log on to your target system with SSH or other remote shell
Step 2
Stop the MySQL server if it is running. Most times, this is done using your operating system’s init system (systemD, SysV init, or upstart).
# upstart$ sudo service mysql stop# SysV init/etc/init.d/mysql-server stopStep 3
If you’re unsure, or you have a custom MySQL installation, you can stop the MySQL server by sending a normal TERM to the mysqld process using the kill command
$ killall mysqld
Step 4
Create a text file containing the password assignment SQL statement on a single line
ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass';Step 5
Save the file to disk. Note: ensure the mysql user (or the user the database is running under) has read access to the file.
Step 6
Start the MySQL server with the init_file CLI flag set to name the file you saved above.
$ mysqld --init-file=/home/me/mysql-initStep 7
When the server boots, it will execute the contents of the file specified above which will change the password.
Step 8
After the server has started successfully, you can delete the SQL file you created above. In a separate command prompt, or with your GUI tool of choice, you should now be able to connect to the MySQL server as root using the new password.
Step 9
Stop the MySQL server (usually control-C) and start MySQL it normally from your operating system’s init system
#upstart$ sudo service mysql start# SysV init/etc/init.d/mysql-server stopChanging/Resetting the Root User’s Password on Windows
Resetting the root password is very similar to the process used on Linux, with a few tweaks! We will create another init file containing the password reset statement, and start the server manually in our command prompt.
Step 1
Log on to your system via RDP or on the console as a user with administrative privileges
Step 2
Stop the MySQL server if it is running
For a server that is running as a Windows service, go to the Services manager: From the Start menu, select Control Panel, then Administrative Tools, then Services. Find the MySQL service in the list and stop it.
Step 3
Create a text file containing the password assignment SQL statement on a single line
ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass';
Step 4
Save the file to disk.
Step 5
Open the command prompt (Start → Run → cmd)
Step 6
Start the MySQL server with the init_file CLI flag set to name the file you saved above. Note: backslashes must be escaped, so use two for the file path like the example below.
C:\> cd "C:\Program Files\MySQL\MySQL Server 8.0\bin"C:\> mysqld --init-file=C:\\mysql-init.txtStep 7
When the server boots, it will execute the contents of the file specified above which will change the password.
Step 8
After the server has started successfully, you can delete the SQL file you created above. In a separate command prompt, or with your GUI tool of choice, you should now be able to connect to the MySQL server as root using the new password.
Step 9
Stop the MySQL server and restart it normally from the Windows Service Console.
Managing MySQL Users with StrongDM
Most security professionals would not recommend using the root user for human or application access to a database. The administrative privileges that the root user possesses are a huge security vulnerability waiting to happen!
So what’s the best way to do database access for your developers? Multiple accounts? One shared account? If you change the password, how do you communicate that to everyone?
Enter StrongDM. StrongDM allows you to abstract-away usernames and passwords from the developers and allows the systems administrator to keep the master passwords in a safe space under lock and key. StrongDM provides you centralized authentication and auditing for all actions against a MySQL host.
Try StrongDM for yourself with a free, 14-day trial or schedule a 15-minute demo with the team.
💙 this post?
Then get all that StrongDM goodness, right in your inbox.
You May Also Like
The DROP DATABASE command in PostgreSQL is a powerful command that is used to delete a database along with all its associated objects, such as tables, views, indexes, and other database-specific elements. It is often a good practice to clean up your workspace by removing unused databases. However, keep in mind that deleting an existing PostgreSQL database deletes all objects and data within that database. This command should be used with caution as it irreversibly removes the specified database and its contents.
Creating Postgres users isn't just a routine step in the complicated world of database management; it's a critical strategy that has a significant impact on how PostgreSQL databases operate and remain secure. An increasing number of organizations depend on sophisticated data systems, so it's critical to recognize the value of Postgres users. This blog post walks you through the steps of creating a Postgres user, as well as, explores the significance of these users in database administration, emphasizing their function in maintaining security, limiting access, and ensuring efficient data management.
The number and complexity of databases that every organization must manage has skyrocketed. If you need access - or need to provide it - it can sure be a pain in the access to manage.
Today, we’ll take a look at what just-in-time access (JIT) means and what types there are. You’ll also learn about what a JIT access solution can do for your organization. By the end of this article, you’ll understand how just-in-time access works, the best practices to ensure secured implementation, and how strongDM comes to the rescue.