Resetting a lost root password in MySQL or MariaDB restores access to backups, account changes, and server-wide configuration tasks without rebuilding the database or touching the data directory.
The root@localhost account is controlled by the grant tables in the mysql system schema. Starting the server with --skip-grant-tables and --skip-networking opens a short local-only recovery window so the grant tables can be reloaded and a new password can be written for root@localhost.
The workflow below targets Linux hosts managed by systemd, where the service unit is commonly mysql.service, mariadb.service, or mysqld.service. Keep the host isolated while bypass mode is active because local socket access becomes full administrative access, and use the normal password-change workflow instead when sudo mysql or sudo mariadb still works.
$ systemctl list-unit-files --type=service | grep --extended-regexp '^(mysql|mariadb|mysqld)\.service'
mysql.service                          enabled         enabled
Use the unit name shown on the left in later systemctl commands. Some MariaDB packages also provide mysql.service as a compatibility alias.
$ sudo systemctl stop mysql
Replace mysql with mariadb or mysqld when that is the installed unit name.
$ sudo mysqld --skip-grant-tables --skip-networking --user=mysql
If the installed server is MariaDB, run:
$ sudo mariadbd --skip-grant-tables --skip-networking --user=mysql
Leave this terminal open while the recovery daemon is running.
While bypass mode is active, anyone with local access to the server socket can connect with full privileges. Keep the recovery window short and do not re-enable the normal service until the temporary daemon is shut down.
$ sudo mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
##### snipped #####
mysql>
If the installed client binary is mariadb, run sudo mariadb instead.
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
Both current MySQL and current MariaDB require this reload of the grant tables after starting with --skip-grant-tables, before the password statement below is run.
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'NEW_PASSWORD';
Query OK, 0 rows affected (0.00 sec)
If the server is MariaDB, use:
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('NEW_PASSWORD');
Query OK, 0 rows affected (0.00 sec)
Current MySQL releases use caching_sha2_password for password authentication by default. MariaDB 10.4 and later commonly keep root@localhost on unix_socket plus a password branch, so SET PASSWORD updates the password without removing socket-based sudo mariadb access.
mysql> SHUTDOWN;
The SQL client disconnects when the bypass-mode daemon exits.
$ sudo systemctl start mysql
Replace mysql with the unit name identified earlier.
$ mysql -u root -p -e "SELECT CURRENT_USER();"
Enter password:
+----------------+
| CURRENT_USER() |
+----------------+
| root@localhost |
+----------------+
If the installed client is mariadb, replace mysql with mariadb.
If password login still fails on MariaDB but sudo mariadb works, inspect the account definition with SHOW CREATE USER 'root'@'localhost'\G and confirm that the password was written to the expected account.
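The warning about not re-enabling the normal service while the temporary daemon is still up can be checked mechanically before running systemctl start. The following is an added example, not part of the original procedure; the function names and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect a server process still running in bypass mode.

# Reads "PID ARGS" lines (the format of `ps -eo pid=,args=`) on stdin and
# prints the PID of every mysqld/mariadbd started with --skip-grant-tables.
find_bypass_daemons() {
    awk '
    {
        # $2 is the executable; strip any directory prefix.
        n = split($2, parts, "/"); exe = parts[n]
        # Skip wrappers such as "sudo mysqld ..." and unrelated processes.
        if (exe != "mysqld" && exe != "mariadbd") next
        for (i = 3; i <= NF; i++) {
            # The server accepts "-" and "_" interchangeably in option names.
            opt = $i; gsub(/_/, "-", opt)
            if (opt == "--skip-grant-tables" || opt ~ /^--skip-grant-tables=/) {
                print $1; next
            }
        }
    }'
}

# Returns 0 when no bypass-mode daemon is present, 1 otherwise.
bypass_window_closed() {
    pids=$(find_bypass_daemons)
    if [ -n "$pids" ]; then
        echo "bypass-mode daemon still running, PID(s):" $pids >&2
        return 1
    fi
    return 0
}

# Constructed sample process list (not captured from a real host).
SAMPLE_PS='  812 /usr/sbin/mysqld
 4021 sudo mysqld --skip-grant-tables --skip-networking --user=mysql
 4022 mysqld --skip-grant-tables --skip-networking --user=mysql
 4100 grep skip-grant-tables'

# Demo on the sample: prints 4022, the only real bypass-mode server.
printf '%s\n' "$SAMPLE_PS" | find_bypass_daemons

# Live use on the host (unit name as identified earlier):
#   ps -eo pid=,args= | bypass_window_closed && sudo systemctl start mysql
```

This only inspects command-line arguments, so a skip-grant-tables line placed in an option file would not be seen by it.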