You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Basic question about bash permissions

I am running OS 10.14.6 on a 2013 MacBook Pro.


Sometimes when I am in Terminal, and issue a command that I think I should be allowed to do, the system asks for a password, so I use my Mac user password on this machine. It then responds with a access denied message.

I am the owner and sole user of this machine, so my understanding is I am also the 'System Administrator' (for lack of a better term). I know I'm not supposed to try to log in as 'root' and I wouldn't want to.


For instance (from inside of a MySQL sub-folder named mysql-connector-python-8.0.20), I have my bash prompt set to "sub-folder-name: "

I do the following and enter my account user password on this machine:

mysql-connector-python-8.0.20: mysql -u root -p

Enter password:

ERROR 1698 (28000): Access denied for user 'root'@'localhost'

mysql-connector-python-8.0.20:


However, if I change the command to the following:

mysql-connector-python-8.0.20: sudo mysql -u root -p

Password:

Enter password:

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 38

Server version: 10.4.12-MariaDB Homebrew


Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.


Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.


MariaDB [(none)]>


At the first Password: prompt I enter my account user password

At the second Enter Password: prompt I enter my MySQL password.


This works of course, but it just seems a bit tedious and unnecessary given what I'm trying to do. Many times I manage to fat-finger one of the two passwords and I'm never sure which one.


Can I modify some permissions somewhere so that I don't have to go thru this?


MacBook Pro 15", macOS 10.14

Posted on May 13, 2020 1:42 PM

Reply
Question marked as Top-ranking reply

Posted on May 13, 2020 3:08 PM

bash has nothing to do with the underlying POSIX permissions.


From your examples, it appears the mysql wants the user who attempts to log into the root account have elevated privileges.

In your second attempt, you used sudo to elevate your privileges, and then logged into mysql.


You'd have to ask mysql if there is a way to log into the root account without elevated privileges.

Why not just create another mysql user that has admin privileges on the mysql server. I don't know if that will solve the requirement for sudo, but perhaps it will.

Similar questions

10 replies
Question marked as Top-ranking reply

May 13, 2020 3:08 PM in response to Claude Crider

bash has nothing to do with the underlying POSIX permissions.


From your examples, it appears the mysql wants the user who attempts to log into the root account have elevated privileges.

In your second attempt, you used sudo to elevate your privileges, and then logged into mysql.


You'd have to ask mysql if there is a way to log into the root account without elevated privileges.

Why not just create another mysql user that has admin privileges on the mysql server. I don't know if that will solve the requirement for sudo, but perhaps it will.

May 13, 2020 4:08 PM in response to Claude Crider

Under the covers the mysql code is either using "ssh root@localhost", or using the 'su' command to become the 'root' users (the almost ultimate privileged user on any Unix based operating system).


Since macOS ships with the root account password disabled (for VERY GOOD REASON, as it is a huge security hole), you will never succeed in entering a password for root.


When you use 'sudo' the command that follows sudo is run as 'root', so it does not need to enter the 'root' password because it is already 'root' and mysql is happy.


I very strongly suggest you never ever give 'root' a valid password. That is just asking for security troubles as there are script kiddies on the internet constantly probing systems to see if 'root' will respond to common passwords.

May 13, 2020 4:48 PM in response to Claude Crider

Those are two different passwords. When you get the prompt that says just "Password:", that is the sudo command. It wants your account password. If your account is an administrator account, then it runs the command.


The next prompt is "Enter password:". That is completely separate and is part of MySQL. Since you are running mysql with "-u root" it wants the password for the MySQL "root" account, which is completely different from the "root" on the Mac.


It sounds like you are entering your user account password for both, that's why it only works with sudo. If you aren't using sudo, then all you need to provide is the MySQL root account password.

May 18, 2020 11:28 AM in response to Barney-15E

I've spent the last 4 days brushing up on Unix. I have 3 elementary books that don't really talk too much about sudo. I'm thinking what I need is 'the unix encyclopedia', Do you have any suggestions either online or text book wise. I think that would be better than wasting any more of the experts time since I have a problem that is all mangled up between Unix, Python and MySQL.


Any advice is appreciated.

May 18, 2020 11:57 AM in response to Claude Crider

man sudo


sudo allows you to execute a command as if you were another user. The 99.44% usage is for that other use to be 'root' the all powerful account that every Unix system has.


sudo checks to see if you are allowed to run sudo by looking in the /etc/sudoers file. The user could be explicitly specified as being allowed to use the sudo command or the user could belong to a group that is allowed to use sudo. On the Mac most users are members of the admin group, which is setup in the macOS /etc/sudoers file.


For authentication, the sudo command makes sure that you are you, by making you enter your account's password, so that if you walked away from your computer and someone walked up and tried to execute a sudo command, they would not know your account password.


On original Unix systems the 'root' user could do absolutely anything. Over the years that has been pared back a bit, and especially with macOS where there are many things that even 'root' is not allowed to do, unless the Mac is booted into a special mode, like when your Mac reboots to install system updates.


Apple found that support costs went up a great deal when users started playing with the 'root' account, either by enabling it, or by using the sudo command. macOS locks down a lot of things so that users cannot shot-themselves-in-the-foot.


Final comment. If you are going to play with sudo or the root account, then make sure you have regular backups, because eventually you will make a mistake and turn your Mac into an overpriced doorstop. I'm speaking from experience. Not with Mac, but with multi-million dollar computer systems where I had administrator privileges. That is the kind of thing that sticks with you. In one instance, I had backups. In the other instance, it was the backups I messed up.

Basic question about bash permissions

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.