Instance Manager User and Password Management


MySQL Instance Manager has been deprecated and is removed in MySQL 5.5.

The Instance Manager stores its user information in a password file. On Windows, the default is mysqlmanager.passwd in the directory where Instance Manager is installed. On Unix, the default file is /etc/mysqlmanager.passwd. To specify a different location for the password file, use the --password-file option.

If the password file does not exist or contains no password entries, you cannot connect to the Instance Manager.


Any Instance Manager process that is running to monitor server instances does not notice changes to the password file. You must stop it and restart it after making password entry changes.

Entries in the password file have the following format, where the two fields are the account user name and encrypted password, separated by a colon:


Instance Manager password encryption is the same as that used by MySQL Server. It is a one-way operation; no means are provided for decrypting encrypted passwords.

Instance Manager accounts differ somewhat from MySQL Server accounts:

This means that a client can connect to Instance Manager with a given user name from any host. To limit connections so that clients can connect only from the local host, start Instance Manager with the --bind-address= option so that it listens only to the local network interface. Remote clients will not be able to connect. Local clients can connect like this:

shell> mysql -h -P 2273

Before MySQL 5.1.12, the only option for creating password file entries is --passwd, which causes Instance Manager to prompt for user name and password values and display the resulting entry. You can save the output in the /etc/mysqlmanager.passwd password file to store it. Here is an example:

shell> mysqlmanager --passwd >> /etc/mysqlmanager.passwd
Creating record for new user.
Enter user name: mike
Enter password: mikepass
Re-type password: mikepass

At the prompts, enter the user name and password for the new Instance Manager user. You must enter the password twice. It does not echo to the screen, so double entry guards against entering a different password than you intend (if the two passwords do not match, no entry is generated).

The preceding command causes the following line to be added to /etc/mysqlmanager.passwd:


Use of the --passwd option fails if mysqlmanager is invoked directly from an IBM 5250 terminal. To work around this, use a command like the following from the command line to generate the password entry:

shell> mysql -B --skip-column-name \
         -e 'SELECT CONCAT("user_name",":",PASSWORD("pass_val"));'

The output from the command can be used an entry in the /etc/mysqlmanager.passwd file.

Beginning with MySQL 5.1.12, the --passwd option is renamed to --print-password-line and there are several other options for managing user accounts from the command line. For example, the --username and --password options are available on the command line for specifying the user name and password for an account entry. You can use them to generate an entry with no prompting like this (type the command on a single line):

shell> mysqlmanager --print-password-line
         --username=mike --password=mikepass >> /etc/mysqlmanager.passwd

If you omit the --username or --password option, Instance Manager prompts for the required value.

--print-password-line causes Instance Manager to send the resulting account entry to its output, which you can append to the password file. The following list describes other account-management options that cause Instance Manager to operate directly on the password file. (These options make Instance Manager scriptable for account-management purposes.) For operations on the password file to succeed, the file must exist and it must be accessible by Instance Manager. (The exception is --clean-password-file, which creates the file if it does not exist. Alternatively, if there is no password file, manually create it as an empty file and ensure that its ownership and access modes permit it to be read and written by Instance Manager.) The default password file is used unless you specify a --password-file option.

To ensure consistent treatment of the password file, it should be owned by the system account that you use for running Instance Manager to manage server instances, and you should invoke it from that account when you use it to manage accounts in the password file.

  • Create a new user:

    mysqlmanager --add-user --username=user_name [--password=password]

    This command adds a new entry with the given user name and password to the password file. The --username (or -u) option is required. mysqlmanager prompts for the password if it is not given on the command line with the --password (or -p) option. The command fails if the user already exists.

  • Drop an existing user:

    mysqlmanager --drop-user --username=user_name

    This command removes the entry with the given user name from the password file. The user name is required. The command fails if the user does not exist.

  • Change the password for an existing user:

    mysqlmanager --edit-user --username=user_name [--password=password]

    This command changes the given user's password in the password file. The user name is required. mysqlmanager prompts for the password it is not given on the command line. The command fails if the user does not exist.

  • List existing users:

    mysqlmanager --list-users

    This command lists the user names of the accounts in the password file.

  • Check the password file:

    mysqlmanager --check-password-file

    This command performs a consistency and validity check of the password file. The command fails if there is something wrong with the file.

  • Empty the password file:

    mysqlmanager --clean-password-file

    This command empties the password file, which has the effect of dropping all users listed in it. The option creates the password file if it does not exist, so it can be used to initialize a new password file to be used for other account-management operations. Take care not to use this option to reinitialize a file containing accounts that you do not want to drop.

User Comments
Sign Up Login You must be logged in to post a comment.