Practice Now
MySQL error
Ubuntu installation issue
database access problem
root user access
localhost connection error

Access denied for user 'root''localhost' using password YES after new installation on Ubuntu

Master System Design with Codemia

Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.

Start PracticingLearn More

Introduction

This MySQL error is very common on a fresh Ubuntu install because the root account is often configured differently from what people expect. Many tutorials assume password-based login for root, while Ubuntu packages frequently set up socket-based authentication instead. The result is that mysql -u root -p fails even though the server is installed correctly.

Why A Fresh Install Can Reject root

On Ubuntu, the root MySQL account may use the auth_socket plugin instead of password authentication. With that setup, MySQL trusts the local Unix user running the command through sudo, not a password typed into the client.

That means this can fail:

bash
mysql -u root -p

But this can succeed:

bash
sudo mysql

So the first troubleshooting step is not to reset everything. It is to confirm which authentication method the root account is actually using.

Check The Service And Log In The Correct Way

Before changing users or passwords, confirm the server is running.

bash
sudo systemctl status mysql

If it is active, try connecting with the Unix socket:

bash
sudo mysql

Once inside the MySQL shell, inspect the account configuration.

sql
SELECT user, host, plugin
FROM mysql.user
WHERE user = 'root';

If the plugin is auth_socket, then password login is not the current setup, which explains the error message.

Option 1: Keep Socket Authentication For root

This is often the cleanest choice on a local Ubuntu machine. It means administrative MySQL access is tied to system-level sudo.

In that workflow:

  • use sudo mysql for admin work,
  • do not expect mysql -u root -p to work,
  • create separate application users for normal database access.

That is often safer than turning root into a password-based account used by scripts and tools.

Option 2: Switch root To Password Authentication

If you really want password-based login for root, change the authentication method while logged in through sudo mysql.

sql
1ALTER USER 'root'@'localhost'
2IDENTIFIED WITH caching_sha2_password BY 'StrongPassw0rd!';
3
4FLUSH PRIVILEGES;

After that, test with:

bash
mysql -u root -p

If your MySQL version or packaging differs, the exact plugin name may vary, but the principle is the same: the authentication plugin and password method must match the way you intend to log in.

Option 3: Create A Separate Administrative User

In many environments, changing root is unnecessary. A better pattern is to keep the packaged root setup and create another administrative account for daily use.

sql
CREATE USER 'adminuser'@'localhost' IDENTIFIED BY 'StrongPassw0rd!';
GRANT ALL PRIVILEGES ON *.* TO 'adminuser'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;

Then connect with:

bash
mysql -u adminuser -p

This is often cleaner because it preserves the system default behavior while still giving you a password-authenticated admin account.

Other Causes Worth Checking

Although socket authentication is the most common cause on Ubuntu, it is not the only one.

  • The password may simply be wrong.
  • The account may exist for a different host than localhost.
  • MariaDB may be installed instead of MySQL, with slightly different defaults.
  • The server may not have finished initial setup.
  • A previous failed reinstall may have left old data in place.

If you suspect an account mismatch, inspect all root-related entries:

sql
SELECT user, host, plugin
FROM mysql.user
ORDER BY user, host;

That helps you see whether root exists only for localhost or has a different authentication method than expected.

Use Application Users For Applications

Even if you fix root access, do not point your app at the root account. Create a least-privilege user for the database the app needs.

sql
1CREATE DATABASE sample_app;
2CREATE USER 'sample_app_user'@'localhost' IDENTIFIED BY 'AppPassw0rd!';
3GRANT ALL PRIVILEGES ON sample_app.* TO 'sample_app_user'@'localhost';
4FLUSH PRIVILEGES;

This reduces risk and makes later permission debugging much easier.

Common Pitfalls

  • Assuming root should always use password authentication on Ubuntu.
  • Resetting the installation before checking whether sudo mysql already works.
  • Changing root authentication when a separate admin or app user would be better.
  • Using root for application connections instead of creating a limited user.
  • Ignoring the host column and checking only the username.

Summary

  • On Ubuntu, root often authenticates through auth_socket, not a password.
  • Try sudo mysql before assuming the installation is broken.
  • Inspect mysql.user to see the active plugin and host settings.
  • Switch root to password authentication only if you actually need that workflow.
  • Prefer dedicated admin and application users instead of relying on root everywhere.
Course illustration
Course illustration
Codemia
© 2026 Codemia
Resources
Legal
Social
All Rights Reserved.