โ๏ธ Introduction
When working with MariaDB/MySQL inside XAMPP on Ubuntu, many developers face confusing issues related to root password behavior, localhost vs 127.0.0.1 access, and authentication plugins.
This tutorial provides a comprehensive step-by-step guide to understand, troubleshoot, and secure your MariaDB setup.
โ
Learn why password prompts behave differently,
โ
How to fix broken authentication (even after using --skip-grant-tables),
โ
And how to set up proper security best practices for production or local development.
๐ Problem: Different Behavior Between localhost and 127.0.0.1
You may notice:
- When connecting via
localhost, MariaDB allows login without password. - When connecting via
127.0.0.1, it asks for root password.
โ This is not a bug โ it’s due to different connection methods.
| Connection Type | Behavior |
|---|---|
localhost | Connects via Unix Socket (auth_socket plugin) |
127.0.0.1 | Connects via TCP/IP (password-based plugin) |
In MariaDB, different plugins can authenticate based on how you connect.
๐ How to Check Current User Authentication Plugins
Login to MariaDB (even without password if allowed):
sudo mysql -u root
Run:
SELECT user, host, plugin FROM mysql.user;
Code language: CSS (css)
Typical result:
| user | host | plugin |
|---|---|---|
| root | localhost | auth_socket |
| root | 127.0.0.1 | mysql_native_password |
๐ How to Fix: Make Root Always Require Password
By default, in Ubuntu XAMPP, root@localhost may use auth_socket, meaning system login, not password login.
To fix and enforce password login, change the authentication plugin.
โ Correct command for MariaDB:
ALTER USER 'root'@'localhost' IDENTIFIED BY 'yourStrongPassword';
FLUSH PRIVILEGES;
Code language: JavaScript (javascript)
โ After that:
- Connecting via
localhostor127.0.0.1both require password. - No automatic system user trust.
๐ What If You See --skip-grant-tables Error?
If you get:
ERROR 1290 (HY000): The MariaDB server is running with the --skip-grant-tables option
Code language: JavaScript (javascript)
It means:
- Grant tables are disabled,
- You cannot ALTER USER or SET PASSWORD.
โ Solution:
- Stop MariaDB:
sudo /opt/lampp/lampp stopmysql
- Start MariaDB normally:
sudo /opt/lampp/lampp startmysql
- Then login and fix password properly.
๐ฆ How to Check and Remove Permanent --skip-grant-tables
Sometimes, --skip-grant-tables is accidentally set in XAMPPโs MariaDB configuration.
Check file:
sudo nano /opt/lampp/etc/my.cnf
Look for:
skip-grant-tables
โ If found, comment it out:
#skip-grant-tables
Code language: CSS (css)
โ Then restart MariaDB.
๐ฅ Best Practices to Secure MariaDB on Ubuntu (especially inside XAMPP)
| Practice | Why It Matters |
|---|---|
| Always set a strong password for root | Prevent unauthorized access |
| Disable root remote login | root should only login from localhost |
| Create a new admin user | Use adminuser@localhost for your apps instead of root |
| Keep your MariaDB updated | Get latest security patches |
| Secure XAMPP itself | Password-protect XAMPP dashboard and phpMyAdmin |
๐ How to Create a New Admin User (Recommended)
- Login:
mysql -u root -p
- Run:
CREATE USER 'adminuser'@'localhost' IDENTIFIED BY 'yourSecurePassword123!';
GRANT ALL PRIVILEGES ON *.* TO 'adminuser'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
Code language: JavaScript (javascript)
โ
Now you can use adminuser safely for all database operations.
๐ Summary Checklist
| Action | Done? |
|---|---|
Fix root password with ALTER USER | โ |
Restart MariaDB without --skip-grant-tables | โ |
Remove skip-grant-tables from my.cnf | โ |
| Disable root remote access (optional) | โ |
| Create separate admin user for apps | โ |
๐ Final Notes
- When using MariaDB with XAMPP in Ubuntu, always verify connection method differences (
localhostvs127.0.0.1). - Ensure MariaDB server runs without –skip-grant-tables for full security.
- Don’t use
rootfor web apps โ create a limited user. - Always restart XAMPP cleanly after major database config changes.
๐ง Pro Tip
If youโre planning to expose XAMPP or MariaDB over the internet (even in test environments):
- Enable SSL/TLS for MySQL connections.
- Use firewall rules to restrict IP access.
- Prefer SSH tunnels for remote database connections instead of direct port opening.
๐ข Conclusion
“A secure database setup begins with understanding the basics: authentication, connection types, and privilege management.”
Following the steps in this tutorial will ensure you have a properly secured and consistent MariaDB environment inside XAMPP, ready for both development and production testing.
Stay secure. Happy coding! ๐
โ Ready-To-Use Final Command Set (Summary)
sudo /opt/lampp/lampp stopmysql
sudo nano /opt/lampp/etc/my.cnf # Comment out skip-grant-tables if exists
sudo /opt/lampp/lampp startmysql
mysql -u root -p
ALTER USER 'root'@'localhost' IDENTIFIED BY 'YourStrongPassword!';
FLUSH PRIVILEGES;
CREATE USER 'adminuser'@'localhost' IDENTIFIED BY 'yourSecurePassword123!';
GRANT ALL PRIVILEGES ON *.* TO 'adminuser'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;
Code language: PHP (php)
โ Done!
I’m Rajesh Kumar, a DevOps, SRE, DevSecOps, Cloud, and Platform Engineering expert passionate about sharing practical knowledge, real-world experiences, and industry best practices. I have worked at Cotocus and regularly write about technology, travel, investing, health, product reviews, and digital marketing through my various platforms.
I publish technical articles at DevOps School, travel stories at Holiday Landmark, stock market insights at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow, and SEO and digital marketing strategies at Wizbrand.
Find Trusted Cardiac Hospitals
Compare heart hospitals by city and services โ all in one place.
Explore Hospitals
A commonly overlooked aspect in managing MariaDB root password behavior in XAMPP on Ubuntu is how different connection methods affect authentication results. In practice, the difference between using
localhostand127.0.0.1often causes confusion because one may use a Unix socket while the other relies on TCP authentication, leading to inconsistent login behavior even when credentials appear correct.Another gap is the reliance on default or simplified authentication setups in local XAMPP environments, where root access may initially be passwordless or tied to socket-based authentication. While convenient for development, this can create misalignment when moving toward more secure or production-like configurations where stricter authentication rules apply.
There is also limited focus on secure recovery practices, especially when using methods like
--skip-grant-tables. Although useful for troubleshooting, this approach temporarily disables critical security controls and should be handled carefully to avoid exposing the database to unauthorized access during recovery operations.In real-world usage, a better approach is to avoid using root for application connections and instead implement dedicated users with restricted privileges, along with consistent authentication settings. This helps maintain security, reduces configuration drift, and ensures smoother transitions between development, staging, and production environments.