How to Reset MariaDB Root Password
Overview
MariaDB is the default database engine on many CloudStick-managed servers running Ubuntu or Debian. If the root password has been lost, forgotten, or compromised, you can recover access by temporarily starting MariaDB in safe mode — bypassing authentication long enough to set a new root password. This procedure requires SSH root access to the server but does not require reinstalling MariaDB or touching any application databases.
This guide covers the full recovery process on MariaDB 10.6 (Ubuntu/Debian): stopping the service, launching it in safe mode without grant tables, resetting the root password via the MariaDB shell, and restarting the service normally. A troubleshooting section at the end covers the unix_socket authentication edge case.
Fig. 01 — MariaDB 10.6, the default database engine on CloudStick-managed Ubuntu/Debian servers.
This procedure requires SSH root access to the server. You will be stopping and restarting the MariaDB service, which will briefly interrupt database connections for any running applications. Schedule this during a low-traffic window if possible.
Step 1: Log In as Root
Connect to your server via SSH and switch to the root user. All subsequent commands in this guide must be run as root.
SSH into your server using your preferred client or CloudStick's terminal access.
Run the following command to become root:
sudo -i
If you are already logged in as root, you can skip the sudo -i step.
Step 2: Stop MariaDB
Before starting MariaDB in safe mode, you must stop the currently running service. This is required so the two instances do not conflict on the same socket.
Run the following command to stop the MariaDB service:
systemctl stop mariadb
Verify that the service has stopped — it should show inactive (dead):
systemctl status mariadb
Step 3: Start MariaDB in Safe Mode
Safe mode starts a MariaDB instance that skips the normal grant table checks, allowing you to log in without a password. The --skip-networking flag prevents any network connections during this temporary session.
Run the following command to launch MariaDB in safe mode:
mysqld_safe --skip-grant-tables --skip-networking &
Wait a few seconds for the process to start. You will see some log output and then your shell prompt will return.
The trailing & runs the process in the background. Do not close this terminal session — you will need to kill this process in Step 6.
Step 4: Log In Without a Password
With grant tables bypassed, you can now connect to the MariaDB shell as root without providing any password.
Open the MariaDB shell:
mysql -u root
You should see the MariaDB [(none)]> prompt, confirming you are now inside the database shell.
Step 5: Reset the Root Password
With an open shell session, flush the privilege tables to re-enable them, then use the ALTER USER statement to set your new root password. Run these commands one at a time inside the MariaDB shell.
First, reload the privilege tables:
FLUSH PRIVILEGES;
Then set the new root password — replace YourNewPassword with a strong password of your choice:
ALTER USER 'root'@'localhost' IDENTIFIED BY 'YourNewPassword';
Flush privileges again to ensure the change is applied immediately:
FLUSH PRIVILEGES;
Exit the MariaDB shell:
EXIT;
Choose a password of at least 12 characters, mixing uppercase, lowercase, numbers, and symbols. Store it in a password manager immediately after this step.
Step 6: Restart MariaDB Normally
Now that the password has been reset, stop the safe-mode instance and restart MariaDB through systemd so it runs with its full security configuration.
Kill the safe-mode instance you started in Step 3:
kill $(pgrep mysqld_safe)
Start MariaDB normally through systemd:
systemctl start mariadb
Confirm the service is running:
systemctl status mariadb
Step 7: Verify the New Password
Test that the new root password works by logging in to the MariaDB shell using password authentication.
Run the following command and enter your new password when prompted:
mysql -u root -p
If you see the MariaDB [(none)]> prompt, the password reset was successful.
Type EXIT; to leave the shell.
Troubleshooting: unix_socket Authentication
On some MariaDB installations, the root account uses the unix_socket authentication plugin rather than a password. If Step 5 does not work as expected, try the following alternative inside the MariaDB shell:
Switch to password authentication: Run this inside the MariaDB shell to update the plugin and set a password at the same time:
UPDATE mysql.user SET plugin = 'mysql_native_password', Password = PASSWORD('YourNewPassword') WHERE User = 'root';
FLUSH PRIVILEGES;
EXIT;Restart MariaDB after running this fix:
systemctl restart mariadb
The unix_socket plugin allows the OS root user to log in to MariaDB without a password. Switching to mysql_native_password enables standard password-based login from any client, including CloudStick's database management panel.