Ubuntu: Reset debian-sys-maint’s mysql password

On Ubuntu systems there is a (system) mysql user debian-sys-maint that is used by the system’s init scripts to control the mysql database, e.g. to start or stop the mysql server. The password of this user is stored (in clear text) in /etc/mysql/debian.cnf. If this password does not match the the actual password in the mysql server the mysql init scripts will fail:

# /etc/init.d/mysql restart
 * Stopping MySQL database server mysqld     [fail]
 * Starting MySQL database server mysqld     [ OK ]
# /etc/init.d/mysql status
/usr/bin/mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'debian-sys-maint'@'localhost' (using password: YES)'

Moreover trying to update the mysql server will fail with an error like:

Fehler traten auf beim Bearbeiten von:
 /var/cache/apt/archives/mysql-server-5.1_5.1.37-1ubuntu5.1_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

To fix the problem you have to update the mysql password for the user debian-sys-maint:

  1. Get the password from /etc/mysql/debian.cnf. The clear text password is stored twice in the file (the lines starting with “password =”:
    # Automatically generated for Debian scripts. DO NOT TOUCH!
    [client]
    host = localhost
    user = debian-sys-maint
    password = your-secret-password
    socket = /var/run/mysqld/mysqld.sock
    [mysql_upgrade]
    host = localhost
    user = debian-sys-maint
    password = your-secret-password
    socket = /var/run/mysqld/mysqld.sock
    basedir = /usr
  2. Update the password in the mysql server (you need mysql root access):
    mysql --user root --password
    mysql> SET PASSWORD FOR 'debian-sys-maint'@'localhost' = PASSWORD('your-secret-password');
  3. If an previous mysql-server system upgrade failed, just restart the upgrade.

The (debian) documentation can be found in /usr/share/doc/mysql-server-5.1/README.Debian:

[…] You may never ever delete the special mysql user “debian-sys-maint”. This
user together with the credentials in /etc/mysql/debian.cnf are used by the
init scripts to stop the server as they would require knowledge of the mysql
root users password else.
So in most of the times you can fix the situation by making sure that the
debian.cnf file contains the right password, e.g. by setting a new one
(remember to do a “flush privileges” then). […]

Leave a comment

Your email address will not be published. Required fields are marked *

*