This section describes how to initialize the data directory using mysqld, the MySQL server.
In MySQL 8.0, the default authentication plugin has changed from
caching_sha2_password, and the
'root'@'localhost' administrative account uses
caching_sha2_password by default. If you prefer that the
root account use the previous default authentication plugin (
mysql_native_password), see caching_sha2_password and the root Administrative Account.
The following instructions assume that your current location is the MySQL installation directory, represented here by
shell> cd BASEDIR
To initialize the data directory, invoke mysqld with the
--initialize-insecure option, depending on whether you want the server to generate a random initial password for the
On Windows, use one of these commands:
C:\> bin\mysqld --initialize
C:\> bin\mysqld --initialize-insecure
On Unix and Unix-like systems, it is important to make sure that the database directories and files are owned by the
mysql login account so that the server has read and write access to them when you run it later. To ensure this, start mysqld from the system
root account and include the
--user option as shown here:
shell> bin/mysqld --initialize --user=mysql
shell> bin/mysqld --initialize-insecure --user=mysql
Otherwise, execute the program while logged in as
mysql, in which case you can omit the
--user option from the command.
Regardless of platform, use
--initialize for “secure by default” installation (that is, including generation of a random initial
root password). In this case, the password is marked as expired and you will need to choose a new one. With the
--initialize-insecure option, no
root password is generated; it is assumed that you will assign a password to the account in timely fashion before putting the server into production use.
It might be necessary to specify other options such as
--datadir if mysqld cannot identify the correct locations for the installation directory or data directory. For example (enter the command on one line):
shell> bin/mysqld --initialize --user=mysql
Alternatively, put the relevant option settings in an option file and pass the name of that file to mysqld. For Unix and Unix-like systems, suppose that the option file name is
/opt/mysql/mysql/etc/my.cnf. Put these lines in the file:
Then invoke mysqld as follows (enter the command on a single line with the
--defaults-file option first):
shell> bin/mysqld --defaults-file=/opt/mysql/mysql/etc/my.cnf --initialize --user=mysql
On Windows, suppose that
C:\my.ini contains these lines:
basedir=C:\\Program Files\\MySQL\\MySQL Server 8.0
C:\> bin/mysqld --defaults-file=C:\my.ini --initialize
The server writes any messages to its standard error output. This may be redirected to the error log, so look there if you do not see the messages on your screen. For information about the error log, including where it is located, see Section 5.4.2, “The Error Log”.
On Windows, use the
--console option to direct messages to the console.
The server checks for the existence of the data directory as follows:
If no data directory exists, the server creates it.
If a data directory exists but is not empty (that is, it contains files or subdirectories), the server exits after producing an error message:
[ERROR] --initialize specified but the data directory exists. Aborting.
In this case, remove or rename the data directory and try again.
An existing data directory is permitted to be nonempty if every entry has a name that begins with a period (
Within the data directory, the server creates the
mysqlsystem database and its tables, including the grant tables, server-side help tables, and time zone tables. For a complete listing and description of the grant tables, see Section 6.2, “The MySQL Access Privilege System”.
After mysqld sets up the
InnoDBsystem tablespace, changes to some tablespace characteristics require setting up a whole new instance. This includes the file name of the first file in the system tablespace and the number of undo logs. If you do not want to use the default values, make sure that the settings for the
innodb_log_file_sizeconfiguration parameters are in place in the MySQL configuration file before running mysqld. Also make sure to specify as necessary other parameters that affect the creation and location of
InnoDBfiles, such as
The server creates a
'root'@'localhost'superuser account and other reserved accounts (see Section 6.3.5, “Reserved User Accounts”). Some reserved accounts are locked and cannot be used by clients, but
'root'@'localhost'is intended for administrative use and you should assign it a password.
The server's action with respect to a password for the
'root'@'localhost'account depends on how you invoke it:
--initialize-insecure, (either with or without
--initialize), the server does not generate a password or mark it expired, and writes a warning message:
Warning] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
See later in this section for instructions on assigning a new
The server populates the server-side help tables if content is available (in the
fill_help_tables.sqlfile). The server does not populate the time zone tables; to do so, see Section 5.1.12, “MySQL Server Time Zone Support”.
--init-fileoption was given to name a file of SQL statements, the server executes the statements in the file. This option enables you to perform custom bootstrapping sequences.
When the server operates in bootstrap mode, some functionality is unavailable that limits the statements permitted in the file. These include statements that relate to account management (such as
GRANT), replication, and global transaction identifiers.
The server exits.
After you initialize the data directory by starting the server with
--initialize-insecure, start the server normally (that is, without either of those options) and assign the
'root'@'localhost' account a new password:
Start the server. For instructions, see Section 2.9.2, “Starting the Server”.
Connect to the server:
Look in the server error log if you do not know this password.
If you used
--initialize-insecureto initialize the data directory, connect to the server as
rootwithout a password:
shell> mysql -u root --skip-password
After connecting, assign a new
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password';
An attempt to connect to the host
127.0.0.1 normally resolves to the
localhost account. However, this fails if the server is run with the
--skip-name-resolve option. If you plan to do that, make sure that an account exists that can accept a connection. For example, to be able to connect as
--host=::1, create these accounts:
CREATE USER 'root'@'127.0.0.1' IDENTIFIED BY 'root-password'; CREATE USER 'root'@'::1' IDENTIFIED BY 'root-password';
It is possible to put those statements in a file to be executed by the
--init-file option discussed previously.
The data directory initialization sequence performed by the server does not substitute for the actions performed by mysql_secure_installation or mysql_ssl_rsa_setup. See Section 4.4.2, “mysql_secure_installation — Improve MySQL Installation Security”, and Section 4.4.3, “mysql_ssl_rsa_setup — Create SSL/RSA Files”.