Recovering a lost root password in MySQL or MariaDB restores access to account management, backups, and server-wide configuration changes. A password reset is often faster and safer than rebuilding the data directory or restoring a full database dump.

Authentication is enforced by the privilege (grant) tables in the mysql system schema. Starting the server with --skip-grant-tables bypasses privilege checks, enabling a local session to assign a new authentication method and password for root@localhost before returning the daemon to normal startup.

During bypass mode, connections through the local socket gain unrestricted access, so the server must stay isolated and the window must stay short. The workflow below uses a containerized MySQL instance; on systemd hosts, stop the service and start mysqld_safe with --skip-grant-tables instead.

Steps to set or reset MySQL/MariaDB root password:

  1. Stop the running container before starting bypass mode.
    $ sudo docker stop sg-mysql
    sg-mysql
  2. Start a temporary server in bypass mode using --skip-grant-tables and --skip-networking.
    $ sudo docker run --rm -d --name sg-mysql-reset --volumes-from sg-mysql --network none mysql:8.0 --skip-grant-tables --skip-networking
    f7aec53137c5b75145aa41c66114a0f26b236e1331a1aa07bd1280155bc79105

    Authentication checks are disabled, so local socket access becomes full administrative access. Keep the host isolated and shut down bypass mode immediately after the password change.

  3. Open a local mysql client session as root without a password.
    $ sudo docker exec -it sg-mysql-reset mysql -u root
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 7
    Server version: 8.0.44 MySQL Community Server - GPL
    ##### snipped #####
    mysql>
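  4. Reload the grant tables inside the mysql shell so that account-management statements such as ALTER USER are accepted while the server is in bypass mode.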
    mysql> FLUSH PRIVILEGES;
    Query OK, 0 rows affected (0.01 sec)
  5. Set a new password for root@localhost.
    mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'NEW_PASSWORD';
    Query OK, 0 rows affected (0.00 sec)

    MariaDB commonly uses:

    ALTER USER 'root'@'localhost' IDENTIFIED BY 'NEW_PASSWORD';

    Installations that default to auth_socket (MySQL) or unix_socket (MariaDB) switch to password authentication when a password-based plugin is set.

  6. Exit the mysql shell.
    mysql> exit
    Bye
  7. Stop the bypass-mode container.
    $ sudo docker stop sg-mysql-reset
    sg-mysql-reset
  8. Restart the original container with normal authentication.
    $ sudo docker start sg-mysql
    sg-mysql
  9. Verify password authentication for the root account.
    $ sudo docker exec -it sg-mysql mysql -u root -p
    Enter password:
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 8
    Server version: 8.0.44 MySQL Community Server - GPL
    ##### snipped #####
    mysql>

    Reaching the mysql> prompt confirms that the new password is active.
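
A follow-up check for the end of the procedure, added here as an example and not part of the original steps: it scans process command lines for a server still running with --skip-grant-tables and separates the isolated case from the one missing --skip-networking. The function names audit_bypass and sample_ps and the sample lines are constructed for illustration; on a live host the input is assumed to come from `ps -eo args=`.

```shell
#!/bin/sh
# Added example: flag MySQL/MariaDB servers still running in bypass mode.
# Input (stdin): one process command line per line, e.g. `ps -eo args=`.
# Output: one finding per bypass-mode server
#   EXPOSED = --skip-grant-tables without --skip-networking
#   BYPASS  = --skip-grant-tables with --skip-networking (still open locally)
# Exit status: 0 when no bypass-mode server is found, 1 otherwise.
# Only bare flags are matched; --flag=value forms are not interpreted.
audit_bypass() {
    awk '
    {
        # Compare the binary name only, so full paths also match.
        n = split($1, path, "/")
        bin = path[n]
        if (bin != "mysqld" && bin != "mysqld_safe" && bin != "mariadbd")
            next                      # skips the mysql client and others
        grant = 0; net = 0
        for (i = 2; i <= NF; i++) {
            opt = $i
            gsub(/_/, "-", opt)       # the server accepts both spellings
            if (opt == "--skip-grant-tables") grant = 1
            if (opt == "--skip-networking")   net = 1
        }
        if (grant) {
            found = 1
            tag = net ? "BYPASS" : "EXPOSED"
            print tag ": " $0
        }
    }
    END { exit found ? 1 : 0 }
    '
}

# Constructed sample input: a normal server, the reset container's server
# from step 2, an unisolated bypass start, and a client session.
sample_ps() {
    cat <<'EOF'
/usr/sbin/mysqld --datadir=/var/lib/mysql
mysqld --skip-grant-tables --skip-networking
/usr/bin/mysqld_safe --skip_grant_tables
mysql -u root
EOF
}

# Demo run on the sample; on a host use: ps -eo args= | audit_bypass
sample_ps | audit_bypass || echo "bypass-mode server(s) found"
```

After step 8 the check should print nothing and exit 0; any BYPASS or EXPOSED line means a bypass-mode server is still up.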