Access denied access denied. Folder Access Denied - what to do? My advice. Urtbchpyuope thlpchpdufchp rp mysql

When working with the PayPal service, the client will face a number of restrictions and prohibitions. This applies to both new and old users. The first restrictions are detected immediately after registration, and if the rules are violated, a block or ban on access to the system is imposed. Most problems can be avoided by complying with the service requirements and providing the requested information. Let's figure out what PayPal status “access denied” or PayPal limited access means and what to do in such cases.

Initial prohibitions

After creating an account in the PayPal payment service, new clients face a number of restrictions. Access to many PayPal transactions is prohibited. This is due to the lack of important information about the client. If the user refuses to link a card or bank account or provide personal data, his account is assigned the “Anonymous” status. Bans on functions are lifted after the company receives the required information.

1. Anonymous. The owner cannot make transfers or withdraw funds from the PayPal account. The monthly limit on transactions is 40,000 rubles, and a one-time transfer is 15,000 rubles.
2. Personalized. Such a user is prohibited from transferring more than 200,000 rubles per month; in one action you can send up to 60,000 rubles. You can obtain this status and partially remove restrictions after linking and verifying your bank card or account.
3. Verified. The permissible limit for monthly transactions is 550,000 rubles. The owner gets the opportunity to create. The maximum allowable amount for a single transaction is $5,000.

For a client who has completed all points, all prohibitions are lifted. Transferring funds, accepting payments, withdrawing money, working with a card and much more becomes available to a user with a verified account.

Entry ban

Clients who have just created an account in the system often cannot log into PayPal. The reason, in most cases, is incorrect data entry during authorization. It is recommended to double-check your password and email address. If you can’t remember the correct information, you should click on “Can’t log into account.” Using the window that appears, lost information is restored. To complete the procedure, you will need answers to verification questions.

However, the reason does not always lie in incorrectly entered data. An error when logging in may appear due to the browser you are using or “garbage” in it. Therefore, before it is recommended to clear the cache, history and cookies. It's worth trying with a different browser.

Reasons for blocking access by the system

According to the set of rules adopted during registration, PayPal is able to block access to the site and impose any prohibitions and restrictions on the client. If you notice that some service function or account has stopped working, you should check your email. When blocked or banned, the user receives a letter containing information about the causes and solution to the problem.

Reasons for restricting access:

• Suspicious activity. If the security service suspects that the account has been hacked, access to the account is closed. The owner will need to complete the data recovery procedure and send the requested documents.
• Creating a second account. According to the service, this is a serious offense for which the user’s access is restricted. Most often, the client is blacklisted and prohibited from further working with the system. New accounts created by the user will be blocked.
• Deception.
• A lot of controversy. If a user creates many open disputes, the system will suspect him of fraudulent activity.
• Entering false information. If the data from the documents provided to remove restrictions does not match those already entered, the system will deny access to the owner. It is important to provide all information correctly. Some data, for example country of residence, is selected once without the possibility of further changes.
• Participation in suspicious schemes. If a user has somehow come into contact with scammers, his account may be blocked.

It’s not for nothing that the system is considered reliable. Constant checks and restrictions guarantee the safety of clients' money. Of course, simple, honest users who have not studied the agreement are often subject to sanctions. The contract specifies all the recommendations, following which you can avoid blocking access to the site.

What is access denied?

A serious violation of the rules entails a complete blocking of the account, a ban on further work with the system, and you will receive a message: “PayPal, access denied.” However, complete blocking of access does not apply only to fraudsters or in case of a number of inconsistencies. Only a temporary restriction is imposed on respectable users.

Access to:

1. Account. The payment system may freeze the account for 180 days.
2. Receiving payments. A client with such a restriction will not be able to accept transfers.
3. Sending by transfer. The system prohibits sending money for goods, services, etc.
4. Service statistics.
5. Account operations. Until the restriction is lifted, submitting an application to close an account is not available. A procedure is required when changing passport data or moving to another country (each state has its own PayPal operating conditions). After submitting an application, the account is frozen for 180 days, and after a year is blocked.

Documents required to lift restrictions

Any restriction or blocking is accompanied by receiving a letter by email. The notice specifies the reason for the ban and the paperwork required to lift it. To further work with PayPal, the owner must collect and submit all specified documents for review.

The system requests:

1. Passport. A passport of the client's country or international passport will do. It is advisable to send a scan of the registration page.
2. Additional papers. The system will accept statements of bank accounts or user cards, utility bills and similar documents. The item is mandatory; without additional papers, the verification will fail. It is recommended to send several documents at once. Any official papers that contain the address, full name and other information about the client will do.
3. Photo. Depending on the situation, PayPal may request a photo of the user holding a passport or the product being offered.
4. Correspondence, contracts, invoices.

Collected papers can be sent via account or fax. It is important to use a reliable connection so that information does not fall into the wrong hands. The first method is the easiest; the client is required to log into his account, upload scans of documents and click “Submit”. Faxing is more difficult because it requires printing and filling out a cover page.

Data protection

Many users, having seen the message: PayPal access denied, do not know what to do, and because of this they fall into the trap of scammers. Each blocking and restriction is accompanied by an information letter. However, such a notification could be an attempt by scammers to steal an account from a frightened customer. You should immediately determine whether the letter is real or fake.

You need to pay attention to:

• Appeal. Fraudsters usually only know their email address, so they don’t use their full name when contacting them. This letter always contains this information.
• Return address. PayPal service sends letters from the mailbox [email protected]. If the email is different, they are clearly scammers and should be reported to security.

Regaining access to the system and its functions is not a problem, the main thing is to follow the instructions and maintain a dialogue with technical support. The payment service helps the client at all stages of lifting restrictions.

When deleting a folder, whether it is a system folder or remains after uninstalling a program, you may encounter the Folder Access Denied error. And there is no way to remove it. I will not analyze this error and look for ways to eliminate it - I will just give you advice on what to do in such a situation. To solve this, a tool called Unlocker has long been invented - this tiny utility is capable of deleting almost any file/folder that cannot be deleted in a simple way. Sometimes you can remove it right away, sometimes a reboot is necessary.

Unlocker can be downloaded on the Internet, it is available on every corner, but I recommend downloading it from trusted software resources.

An example of the Folder Access Denied error when deleting the Windows Media Player system folder:

It is strictly not recommended to delete the Windows Media Player folder, since it is a system folder and its deletion may affect the operation of other programs. But I’ll tell you a secret - for experimental purposes, I used the Unlocker utility to delete not only the above folder, but also the Internet Explorer folder. And I even somehow managed to delete Program Files (x86). Of course, there were some problems, but this was an experiment, and an image of the system was created on another disk just in case of problems. A system image is a complete backup copy of the entire system disk. I recommend creating it regularly - it will help if any problems arise.

An example of a similar error:

How to delete using Unlocker? Everything is extremely simple - right-click on the file/folder, select Unlocker:

A window similar to this may appear:

I'm constantly confused about what to do with this window. The window means that some process is blocking the deletion of the folder. First you need to end the process - this must be done by clicking on the Delete process button. But the menu on the left should indicate Delete - to delete the selected folder/file. But such a window appears infrequently. Apparently I am not destined to understand the algorithm.

That's all. Good luck to you.

If you can't get the password to work, remember that the PASSWORD() function must be used if you set the password using an INSERT , UPDATE , or SET PASSWORD statement. If you specify a password using the GRANT ... INDENTIFIED BY statement or the mysqladmin password command, the PASSWORD() function is not needed. Refer to See Section 4.3.7, “Setting Passwords”.

localhost is a synonym for your local host name, and if host is not explicitly given, also the default host name that clients try to connect to. However, connections to localhost do not work if your production system uses MIT streams and MySQL older than version 3.23.27 (connections to localhost are made using Unix sockets, which were not supported by MIT streams technology back then). To avoid this problem on such systems, you should explicitly set the server hostname using the --host option. This will establish a connection to the mysqld server using the TCP/IP protocol. In this case, the entries in the user table stored on the server host must contain the real hostname. (This is true even if the client program and server are running on the same host.)

If you get an Access denied error when you try to connect to a database using the mysql -u user_name db_name command, the problem may be in the user table. To check this, run the command mysql -u root mysql and enter the following SQL statement:

Mysql> SELECT * FROM user;

The result will be an entry with Host and User columns corresponding to your computer name and your MySQL username.

The Access denied error message tells you what name you are trying to log in under, the host name you are trying to connect from, and whether you used a password or not. Typically, there will be one entry in the user table that exactly matches the hostname and username specified in the error message. For example, if you receive an error message that says Using password: NO, it means that you tried to log in without providing a password.

If, when you try to connect from a computer other than the one on which the MySQL server is running, you receive the error message below, then the user table is missing a row with this host name:

Host ... is not allowed to connect to this MySQL server

To fix this error, use the mysql command line utility (on the server host!) to add a row to the user , db , or host table with the username/host combination that matches the one you are using when trying to connect. Then run the mysqladmin flush-privileges command. If you are using a MySQL version other than Version 3.22 and you do not know the hostname or IP address of the computer you are connecting from, enter an entry in the user table with a value of "%" in the Host field and restart mysqld on the server machine with the -- option log. When the connection from the client machine is established, you will find information in the MySQL log about the name of the host from which you connected.

(You should then replace the "%" value in the user table entry with the actual hostname from the log. Otherwise, your system will remain unprotected.)

On Linux, the cause of this error may be that the MySQL binary is compiled with a different version of glibc than the one you are using. In this case, you will need to either update the OS/glibc you are using, or download the MySQL source code and compile the server yourself.

Typically, the source RPM is easy to compile and install, so this won't be a major problem.

If you receive an error message in which the hostname is not specified at all or the IP address is specified, although you specified the hostname when trying to connect:

• Shell> mysqladmin -u root -pxxxx -h some-hostname ver Access denied for user: "root@" (Using password: YES)

  then this means that the error occurs when MySQL tries to map the IP address to the hostname. In this case, you can run the mysqladmin flush-hosts command to flush the internal DNS cache.

  Refer to See Section 5.5.5, "How MySQL Uses DNS". Here are some ways to solve this problem:

  Try to find out what is wrong with your DNS server and fix the problem.

  Set IP addresses instead of hostnames in MySQL privilege tables.

  Start mysqld with the --skip-name-resolve option.

If mysql -u root test succeeds, but mysql -h your_hostname -u root tes t results in an Access denied error, your hostname may be incorrect in the user table. One common problem here is that the Host field of the record stored in the user table specifies only the host name, while the name resolution routines used by your system return the fully qualified domain name (or vice versa).

For example, if the user table has an entry with the value "tcx" in the host field, and DNS tells MySQL that the hostname is "tcx.subnet.se", that entry will have no effect. Try adding an entry to the user table, specifying the host IP address in the Host column. (Alternatively, you can add a record to the user table with a value in the Host field that contains a wildcard character, such as "tcx.%". But using hostnames ending in "%" is not safe and is not recommended!)

If the mysql -u user_name test command succeeds but the mysql -u user_name other_db_nam e command does not, then there is no entry in the db table that matches other_db_name .

If the mysql -u user_name db_name command succeeds on the computer where the server is installed, but mysql -u host_name -u user_name db_name does not work when executed on another client machine, then that client machine is not registered in the user or db tables.

If you receive the following error, then the problem may be related to the db table or host table:

Access to database denied

If the entry selected from the db table has a Host column that is empty, make sure that there is at least one matching entry in the host table indicating which hosts the entry in the db table applies to. If the error occurs when you run the SELECT ... INTO OUTFILE or LOAD DATA INFILE SQL command, then your entry from the user table probably does not have permission to grant the FILE privilege.

Please note that client programs will use connection parameters specified in configuration files or environment variables. Refer to See Appendix E. Environment Variables

. If you suspect that the client is sending incorrect default connection parameters when you do not specify them on the command line, check your environment and the my.cnf file in your home directory.

If you encounter access problems when using Perl, PHP, Python, or ODBC programs, try connecting to the server using the mysql -u user_name db_name command or the mysql -u user_name -pyour_pass db_name command. If your mysql client provides the connection, then the problem is not with access privileges, but with your program. (Note that there is no space between -p and the password; you can also use the --password=your_pass syntax to set the password. If you use just the -p option itself, MySQL will prompt you for the password)

When testing, start the mysqld daemon with the --skip-grant-tables option. You can then modify the MySQL privilege tables and use the mysqlaccess script to check whether the changes you made have the desired effect. If you are happy with the results, run the mysqladmin flush-privileges command to tell the mysqld server to start using the new privilege tables. Attention

: Reloading grant tables overrides the --skip-grant-tables option. This allows you to force the server to start using new privilege tables without shutting down and rebooting it.

If all else fails, start the mysqld daemon with a debug option (eg --debug=d,general,query). The result will display information about failed connections, indicating the host and user, as well as all processed commands. Refer to See Section D.1.2, “Creating Trace Files”.

If you have any problem with the MySQL privilege tables and think you need to report it to the mailing list, you should be sure to include a printout of the MySQL privilege tables with your report. This can be done using the mysqldump mysql command. The problem is reported, as in other cases, using the mysqlbug script. Refer to See Section 1.8.1.3, “How to Report Errors or Issues.” In some cases, in order to run the mysqldump script, you may need to restart mysqld with the --skip-grant-tables option.

URTBChPYUOPE THLPCHPDUFChP RP MySQL

4.2.11 rTYUYOSCH RPSCHMEOYS PYYVPL Access denied ("CH DPUFHRE PFLBBOBOP")

• ъBRХУЛБМИ MY CHSHCH RPUME YOUFBMMSGYY MySQL ULTYRF mysql_install_db DMS KHUFBOPCHLY OBUBMSHOPZP UPDETSYNPZP FBVMYG RTYCHYMEZYK? eUMY OEF, UDEMBKFE LFP. pVTBFYFEUSH L TBDEMH See section 4.3.4 ъBDBOYE YOBYUBMSHOSHI RTYCHYMEZYK MySQL. rTPCHETSHFE RETCHPOBUBMSHOSHE RTYCHYMEZYY U RPNPESH UMEDHAEEK LPNBODSCH: shell> mysql -u root test rPDUPEDYOOYE DPMTSOP RTPYЪPKFY VEЪ UVPS. UMEDHEF FBLCE KHVEDYFSHUS, YuFP CH LBFBMPZE VBOSCH DBOOSCHI MySQL YNEEFUS ZHBKM `user.MYD" . pVSHYUOP BY OBIPDIFUS CH DYTELFPTYY `PATH/var/mysql/user.MYD" , WHERE PATH - RHFSH L LPTOECHPN X LBFBMPZH YOUFBMMSGYY MySQL.
• rPUME OPChPK YOUFBMMSGY UMEDHEF RPDUPEDOYFSHUS L UETCHETH Y UPJDBFSH RPMSHЪPCHBFEMEK, B FBLCE KHUFBOPCHYFSH DMS OYI RTBCHB DPUFHRB: shell> mysql -u root mysql UETCHET TBBTEYYF RPDU PEDYOOYE, F.L. RPMSHЪPCHBFEMS MySQL U YNEOEN RPMSHЪPCHBFEMS root YUIDOP OE YNEEF RBTPMS. OP CH LFPN ЪBLMAYUBEFUS FBLCE Y TYUL OBTHYEOYS VEЪPRBUOPUFY UYUFENSH, RPFPNH RTY UPBDBOY PUFBMSHOSHI RPMSHЪPCHBFEMEK MySQL, ChBN, RPNYNP RTPYUEZP, UMEDHEF DBFSH RBTPMSH DMS RPMSHЪPCHBFEMS root . eUMY RTY RPRSCHFLE RPDUPEDOEOYS PF YNEOY RPMSHJPCHBFEMS root CHCH RPMKHUYFE UMEDHAEHA PYYVLH: Access denied for user: "@unknown" to database mysql LFP POBYUBEF, YuFP CH FBVMYGE user PFUHFUFCHHEF ЪBRYU SH UP OBYUEOYEN "root" CH UFPMVGE User І mysqld OE NPTSEF PRTEDEMYFSH YNS IPUFB DMS CHBYEZP LMYEOFB. h LFPN UMHUBE OEPVIPDYNP RETEBRKHUFYFSH ACCOUNTING PRGYEK --skip-grant-tables Y PFTEDBLFYTPCHBFSH ZHBKM `/etc/hosts" YMY `\windows\hosts" , DPVBCHYCH CH OEZP ЪBRYUSH DMS CHBYEZP B.
• eUMY CHCH UFPMLOEFEUSH U FBLPK PYYVLPK, LBL: shell> mysqladmin -u root -pxxxx ver Access denied for user: "root@localhost" (Using password: YES) LFP POBYUBEF, YuFP YURPMSH'HEFUS OECHETOSCHK RBTPMSH. pVTBFYFEUSH L TBDEMH See section 4.3.7 ъBDBOYE RBTPMEK. eUMY CHSH ЪБВШЧМЪ РБТПМШ DMS RПМШЪПЧБФЭМС root , FP RETEЪBRKHUFYFE mysqld U PRGYEK --skip-grant-tables Y YЪNEOYFE RBTPMSH. pVTBFYFEUSH L TBDEMH See section A.4.2 lBL RETEKHUFBOPCHYFSH ЪBVSHCHFSHCHK RBTPMSH RPMSHЪPCHBFEMS root . fBLBS PYYVLB NPTSEF RPSCHMSFSHUS DBCE CH FPN UMKHYUBE, EUMY CHSHCH OE ЪBDBCHBMY RBTPMS CHPPVEE - LFP OBYUIF, YuFP CH LBLPN-FP ZHBKME `my.ini" YNEEFUS OECHETOSCHK RBTPMSh pV. TBFYFEUSH L TBDEMH See section . -no-defaults , LBL RPLBOBOP OJCE: shell> mysqladmin --no-defaults -u root ver
• ъBRХУЛБМИ MY CHCH ULTYRF mysql_fix_privilege_tables RTY PVOPCHMEOY YNEAEEKUS YOUFBMMSGY MySQL, EUMY KHUFBOPCHMEOOBS CHETUIS - VPMEE TBOOSS, YUEN 3.22.11, B PVOPCHMSEFUS POB DP 3.22 .11 YMY VPMEE RPJDOEK? eUMY OEF, UDEMBKFE LFP. oBUYOBS U MySQL 3.22.11, LPZDB PRETBFPT GRANT UFBM ZHOLGYPOBMSHOSCHN, UFTHLFKHTB FBVMYG RTYCHYMEZYK YYNEOYMBUSH.
• eUMY PE CHTENS WEBOUB CHBY RTYCHYMEZYY Y'NEOYMYUSH, FP, CHPNPTsOP, YI Y'NEOYM UKHRETRPMSH'PCHBFEMSH. RETEЪBZTHЪLB FBVMYG RTYCHYMEZYK PFTBTSBEFUS OE FPMSHLP ABOUT OPCHSHCHI RPDUPEDYOEOSI LMYEOFPC, OP FBLCE ABOUT HTSE YNEAEYIUS, LBL LFP RPLBЪBOP CH TBDEME See section 4.3.3 lPZ DB YЪNEOOYS CH RTYCHYMEZYSI CHUFKHRBAF CH UYMKH .
• eUMY OE HDBEFUS DPVYFSHUS, YuFPVSH RBTPMSH TBVPFBM, RPNOFE, YuFP ZHOLGYS PASSWORD() DPMTSOB YURPMSHЪPCHBFSHUS, EUMY CHCH ЪBDBEFE RBTPMSH U RPNPESHA PRETBFPTPCH INSE RT, UPDATE YMY SET PASSWORD. eUMY CE CHCH ЪBDBEFE RBTPMSH U RPNPESHA PRETBFPTB GRANT ... INDENTIFIED BY YMY LPNBODSCH mysqladmin passwor d, ZHOLGYS PASSWORD() OE OHTSOB. pVTBFYFEUSH L TBDEMH See section 4.3.7 ъBDBOYE RBTPMEK.
• localhost - LFP UYOPOIN YNEOY CHBYEZP MPLBMSHOPZP IPUFB, Y, EUMY IPUF SCHOP OE ЪBDBO, FBLCE KHUFBOBCHMYCHBENPE RP KHNPMYUBOYA YNS IPUFB, L LPFPTPNH LMYEOFSH RSCHFBAFUS RPDLMAYUYFSH US. pDOBLP RPDUPEDOEOYS L localhost OE DEKUFCHHAF, EUMY CH CHBYEK TBVPYUEK UYUFEN YURPMSH'HAFUS MIT-RPFPLY (RPDUPEDOEOYS L localhost PUHEEUFCHMSAFUS U YURPMSHЪPCHBOYEN UPLEFPCH Unix, B POY OE RPDDETSYCHBAFUS FEIOPMPZYEK MIT-RPFPLPCH). YuFPVSHCH FBLYI UYUFENBI LFB RTPVMENB OE CHP'OILBMB, UMEDHEF SCHOSCHN PVTBBPN ЪBDBFSH YNS UETCHETOPZP IPUFB U RPNPESHA PRGYY --host . fBLYN PVTBBPN VHDEF HUFBOPCHMEOP RPDUPEDYOOYE L UETCHETH mysqld RP RTPFPPLPMH TCP/IP. h LFPN UMKHYUBE CH ЪBRYUSI FBVMYGSHCH user, ITBOSEEKUS ABOUT UETCHETOPN IPUFE, DPMTSOP VSCHFSH KHLBBOP TEBMSHOPE YNS IPUFB. (fP URTBCHEDMYCHP DBCE DMS FAIRIES UMHYUBECH, LPZDB LMYEOFULBS RTPZTBNNNB Y UETCHET ЪBRHULBAFUS ABOUT PDOPN IPUF).
• eUMY RTY RPRSCHFLE RPDUPEDOEOYS L VBJE DBOOSHI U RPNPESH LPNBODSCH mysql -u user_name db_name CHP'OILBEF PYYVLB Access denied , RTYYUYOB LFPPZP, CHPNPTsOP, LTPEFUS CH FBVMYGE user . yuFPVSH RTPCHETYFSH LFP, CHSHRPMOYFE LPNBODH mysql -u root mysql Y CHCHEDYFE UMEDHAEIK SQL-PRETBFPT: mysql> SELECT * FROM user; h TEЪKHMSHFBFE VKDEF CHCHCHEDOB ЪBRYUSH UP UFPMVGBNY Host І User , UPPFCHEFUFCHHAEYNY YNEOY CHBYEZP LPNRSHAFETB Y CHBYENH YNEOY RPMSHЪPCHBFEMS MySQL.
• UPPVEEOYE PV PYYVLE Access denied YOZHPTNYTHEF CHBU P FPN, RPD LBLYN YNEOEN CHSH RSHCHFBEFEUSH CHPKFY CH UYUFENKH, PV YNEOY IPUFB, U LPFPTPZP CHSH RSHCHFBEFEUSH KHUFBOPCHYFSH UPEDYOOYE, Y P N, YURPMSHЪPCHBMY MY CHSHCH RTY LFPN RBTPMSH YMY OEF. lBL RTBCHYMP, CH FBVMYGE user VKhDEF PDOB ЪBRYUSH, FPYUOP UPPFCHEFUFCHHAEBS YNEOY IPUFB Y YNEOY RPMSHJPCHBFEMS, KHLBBOOSCHN CH UPPVEEOYY PV PYYVLE. OBRTYNET, EUMY CHSH RPMKHUYFE UPPVEEOYE PV PYYVLE, CH LPFPTPN ULBUBOP Using password: NO , LFP POBYUBEF, YUFP CHSC RSHCHFBMYUSH CHPKFY CH UYUFENKH, OE KHLBBCH RBTPMSH.
• eUMY RTY RPRSCHFLE RPDUPEDOEOYS OE U FPZP LPNRSHAFETB, ABOUT LPFPTPN TBVPFBEF UETCHET MySQL, B U DTHZPZP, CHCH RPMHUYFE UPPVEEOYE PV PYYVLE, RTYCHEDEOOPE OJCE, FP CH FBVMYGE user PFU HFUFCHHEF UFTPLB U FBLINE YNEOEN IPUFB: Host ... is not allowed to connect to this MySQL server yuFPVSH YURTBCHYFSH FUH PYYVLH, U RPNPESHA HFYMYFSH LPNBODOPK UFTPLY mysql (ABOUT UETCHETOPN IPUFE!) DPVBCHSHFE UFTPLH CH FBVMYGH user , db YMY host U LPNVIOBGYEK YNEOY RPMSH ЪПЧБФЭМС/ИПУФБ, UPPFCHEFUFCHHAEEK FPK, LPFPTHA CHSHCH YURPMSHЪHEFE RTY RPRSCHFLE RPDUPEDOEOYS. ъБФЭН ШШЧРПМОФЭ ЛПНБОПХ mysqladmin flush-privileges . eUMY CHCH YURPMSH'HEFE MySQL CHETUYY, PFMYUOPK PF Version 3.22, Y CHBN OEY'CHEUFOP YNS IPUFB YMY IP-BDTEU LPNRSHAFETB, U LPFTPZP CHCH RPDUPEDYOSEFEUSH, CHCHEDYFE CH FBVMYGH user ЪBRYUSH UP OBYUEOYEN "%" CH RPME Host Y RETEEBBRKHUFYFE mysqld ABOUT UETCHETOPK NBYYOE U PRGYEK -- log. lPZDB UPEDYOOYE U LMYEOFULPK NBYOSCH VKHDEF KHUFBOPCHMEOP, CHSC OBKDEFE CH TSHTOBME TEZYUFTBGYY MySQL YOZHPTNBGYA PV YNEOY IPUFB, U LPFPTPZP CHSC RPDUPEDOYOMYUSH. (rPUME LFPPZP UMEDHEF ЪBNEOYFSH H ЪBRYUY FBVMYGSH user OBYUEOYE "%" OBUFPSEIN YNEOEN IPUFB, YЪ TSKHTOBMB TEZYUFTBGYY. K.) h Linux RTYYUYOPK FBLPK PYYVLY NPTSEF VSHFSH FP, YUFP VYOBTOBS CHETUIS MySQL ULPNRYMYTPCHBOB U CHETUYEK glibc, PFMYUOPK PF YURPMSHKHENPK CHBNY . h LFPN UMKHYUBE OHTSOP VKhDEF MYVP PVOPCHYFSH pu/glibc, YURPMSHKHENSHCHE CHBNY, MYVP ЪBZTHYFSH YUIPDOSCHK LPD MySQL Y ULPNRYMYTCHBFSH UETCHET UBNPUFPSFEMSHOP. lBL RTBCHYMP, YUIIPDOSHCHK RPM LPNRYMYTHEFUS Y YOUFBMMYTHEFUS LMENEOFBTOP, FBL YuFP LFP OE UPUFBCHYF UETSHOPK RTPVMENSHCH.
• eUMY VHDEF CHSHCHDBOP UPPVEEOYE PV PYYVLE, CH LPFPTPN YNS IPUFB OE HLBBBOP CHPPVEE YMY KHLBBO IP-BDTEU, IPFS CHCH RTY RPRSHFLE RPDUPEDOEOYS HLBSCCHBMY YNS IPUFB: shell> mysqladmin - u root -pxxxx -h some-hostname ver Access denied for user: "root " (Using password: YES) FP LFP PYOBYUBEF, YuFP PYYVLB CHP'OILBEF RTY RPRSHFLE MySQL UPRPUFBCHYFSH IP-BDTEU U YNEOEN IPUFB. h LFPN UMHUBE CHCH NPTSEFE CHSHCHRPMOYFSH LPNBODH mysqladmin flush-hosts , YUFPVSH UVTPUIFSH CHOKHFTEOOAA LY-RBNSFSH DNS. pVTBFYFEUSH L TBDEMH See section 5.5.5 lBL MySQL YURPMSHЪHEF DNS . ChPF OELPFPTSHCHE URPUPVSH TEYEOYS LFPC RTPVMENSH:
  • rPRTPVHKFE CHSHCHSUOYFSH, YuFP OE FBL U CHBYN UETCHETPN DNS, Y KHUFTBOYFE OEYURTBCHOPUFSH.
  • ъBDBKFE IP-BDTEUB CHNEUFP YNEO IPUFPCH FBVMYGBI RTYCHYMEZYK MySQL.
  • ъBRHUFFYFE mysqld U PRGJEK --skip-name-resolve .
  • ъBRХУФИFE mysqld U PRGJEK --skip-host-cache .
  • rPDLMAYUYFEUSH L localhost EUMY CHBY UETCHET Y LMYEOF TBVPFBAF ABOUT PDOPN Y FPN TSE LPNRSHAFETE.
  • rPNEUFYFE YNEOB LMYEOFULYI NBYO CH LBFBMPZ `/etc/hosts" .
• eUMY LPNBODB mysql -u root test TBVPFBEF HUREYOP, B LPNBODB mysql -h your_hostname -u root tes t RTYCHPDYF L PYYVLE Access denied , FP, CHPNPTsOP, CH FBVMYGE user YNS CHBYEZP IPUFB KHLBOB OECHETOP. pDOB YI TBURPTPUFTBOEOOSCHI RTPVMEN ЪDEUSH ЪBLMAYUBEFUS CH FPN, YuFP CH RPME Host ЪBRYUY, ITBOSEEKUS CH FBVMYGE user, ЪBDBEFUS FPMSHLP YNS IPUFB, CH FP CHTENS LBL RTPGEDHTSCH T BYTEYEOYS YNEO, YURPMSHKHENSHCHE CHBYEK UYUFENPK, CHPCHTBEBAF RPMOPUFSHA PRTEDEMOOPE DPNOOPE YNS (YMY OBPVPTPF). OBRTYNET, EUMY CH FBVMYGE user YNEEFUS ЪBRYUSH UP OBYUEOYEN "tcx" CH RPME host , B DNS RTY LFPN UPPVEBEF MySQL, YuFP YNS IPUFB - "tcx.subnet.se" , LFB ЪBRYUSH DEKUFCHPCHBFSH OE VHDEF. rPRTPVHKFE DPVBCHYFSH CH FBVMYGH user ЪBRYUSH, KHLBBCH CH LPMPOLE Host IP-BDTEU IPUFB. (h LBYUEUFCHE BMSHFETOBFYCHSHCH NPTsOP DPVBCHYFSH CH FBVMYGH user ЪBRYUSH UP OBYUEOYEN CH RPME Host , UPDETSBAYN YBVMPOOSCHK UINCHPM, OBRTYNET "tcx.%" . OP YURPMSHЪPCHBFSH YNEOB IPU FPC, PLBOYUYCHBAEYEUS ABOUT "%" - OEVEVPRBUOP Y DEMBFSH LFP OE TELPNEODHEFUS!)
• eUMY LPNBODB mysql -u user_name test TBVPFBEF HUREYOP, B LPNBODB mysql -u user_name other_db_nam e - OEF, FP CH FBVMYGE db OEF ЪBRYUY, UPPFCHEFUFCHHAEEK other_db_name .
• eUMY LPNBODB mysql -u user_name db_name CHSRPMOSEFUS HUREYOP ABOUT FPN LPNRSHAFETE, WHERE HUFBOPCHMEO UETCHET, B mysql -u host_name -u user_name db_name OE TBVPFBEF RTY CHSHHRPMOOYY EE ABOUT DTHZPK LMYEOFUL PC NBYYOE, FP CH FBVMYGBI user YMY db LFB LMYEOFULBS NBYOB OE UBTEZYUFTYTPCHBOB.
• еUMY OE HDBEFUS CHSHSUOYFSH RTYYUYOKH PYYVLY Access denied , HDBMYFE YЪ FBVMYGSH user CHUE OBRYUY, CH LPPTTSHI OBYUEOYE CH RPME Host CHLMAYUBEF YBVMPOOSCHE UINCHPMSHCH (ЪBRYYY, E UYNCHPMSCH `"%"" YMY `"_""). PYUEOSH TBURTPUFTBOOOOPK PYYVLPK SCHMSEFUS UMEDHAEBS: RPMSHЪPCHBFEMSH CHUFBCHMSEF OPCHHA ЪBRYUSH UP OBYUEOYEN "%" CH RPME Host Y UP OBYUEOYEN "some user" - CH RPME User, RPMBZBS, YuFP RPUME LFPPZP DMS RPDUPEDOEOYS U FPK CE UBNPK NBYOSCH PO UNPTsEF YURPMSHЪPCHBFSH localhost . fBLPK TBUYUEF OECHETEO, Y RTYYUYOB ЪDEUSH CH FPN, YuFP KHUFBOBCHMYCHBENSCH RP KHNPMYUBOYA RTYCHYMEZY CHLMAYUBAF ЪBRYUSH UP OBYUEOYEN "localhost" CH RPME Host Y RKHUFSHCHN RPME User. y RPULPMSHLH CH LFPC OBRYUYE "localhost" VPMEE LPOLTEFOP, YUEN "%", FP YNEOOP POB RTY RPDUPEDOYEOYY U localhost RTEDYUFCHHEF OPChPK OBYYYY, UPPFCHEFUFCHEOOP, VHDEF CHSHCHVTBOBYY TBVPFBEEF! rTBCHYMSHOSHCHN LFPN UMKHYUBE VKhDEF CHUFBCHYFSH CHFPTHA ЪBRYUSH UP OBYUEOYEN "localhost" CH RPME Host ЪOBYUEOYEN "some_user" - CH RPME User YMY KHDBMYFSH ЪBRYUSH UP OBYUEOYEN "localhost" Ch RPME Host Y RHUFSHCHN RPME User .
• eUMY CHCH RPMKHUYFE UMEDHAEKHA PYYVLH, FP LFB RTPVMENB, CHPNPTsOP, UCHSBOB U FBVMYGEK db YMY FBVMYGEK host: Access to database denied eUMY CH OBRYUY, CHSHVTBOOPK Y FBVMYGSHCH UFP , MVEG Host - RHUFPK, HDPUFPCHETSHFEUSH, YuFP CH FBVMYGE host YNEEFUS RP LTBKOEK NETE PDOB UPPFCHEFUFCHHAEBS ЪBRYUSH, KHLBSCCHBAEBS, L LBLYN IPUFBN PFOPUIFUS ЪBRYUSH YЪ FBVMYGSHCH db . eUMY PYYVLB CHP'OILBEF RTY CHSHRPMOEOYY SQL-LPNBODSH SELECT ... INTO OUTFILE YMY LOAD DATA INFILE , FP CH CHBYEK ЪBRYUYY FBVMYGSCH user , CHETPSFOP, PFUHFFUFCHHEF TBTEYEOYE ABOUT RTEDPUFBCH MEOYE RTYCHIMEZYY FILE .
• rPNOYFE, YuFP LMYEOFULYE RTPZTBNNNSCH VHDHF YURPMSHЪPCHBFSH RBTBNEFTSCH RPDUPEDOEOYS, KHLBBOOSCH ZHBKMBY LPOZHYZHTBGYY YMY RETENEOOOSCHI PLTHTSEOYS. pVTBFYFEUSH L TBDEMH See section F RETENEOOSCH PLTHTSEOYS. еUMY EUFSH RPDPЪTEOYE, YuFP LMYEOF PFUSCHMBEF OECHETOSHCHE HUFBOBCHMYCHBENSHE RP KHNPMYUBOIA RBTBNEFTSCH RPDUPEDOEOYS, CH UMHYUBE, LPZDB CHCH OE ЪBDBEFE YI CH LPNBODOPK UFTPLE, RTPCHETSHFE CHBYE PLTHTSEOYE ZHBKM `my.cnf" CH UCHPEK DPNBIOOEK DYTELFPTYY. nPTSEFE FBLCE RTPCHETYFSH LPOZHYZHTBGYPOOSCH ZHBKMSH MySQL PFOPUSEYEUS LP CHUE UYUFENE, IPFS RBTBNEFTSCH LMYEOFULZP RPDUPEDOEOYS CHTSD MY KHLBBOSHCH YNEOOP ЪDEUSH. EUMY PYYVLB Access denied CHP'OILBEF RTY CHSHRPMOEEOY CHBYEK LMYEOFULPK RTPZTBNNSH VEJ LBLYI-MYVP PRGYK, KHVEDYFEUSH, YUFP OY CH PDOPN YI CHBYI ZHBKMPCH PRGYK OE UFBTSH To RBTPMSH! pVTBFYFEUSH L TBDEMH See section 4.1.2 ZhBKMSCH RBTBNEFTPCH `my.cnf" .
• eUMY CHOPUYFE YYNEOOYS CH FBVMYGSH RTYCHYMEZYK OERPUTEDUFCHOOOP (U RPNPESH PRETBFPTPCH INSERT YMY UPDATE), B CHBYYYNEOOYS, RPIPCE, YZOPTYTHAFUS, FP UMEDHEF CHSHCHDBFSH PR TBFPT FLUSH PRIVILEGES YMY CHSHRPMOYFSH LPNBODH mysqladmin flush-privileges - VHI FPZP, YuFPVSH ЪBUFBCHYFSH ACCOUNTING RETEYUYFBFSH FBVMYGSHCH RTYCHYMEZYK. h RTPFYCHOPN UMHYUBE CHBY YYNEOOYS CHUFKHRSF CH UYMKH MYYSH RTY RPUMEDHAEEN RETEBRKHULE UETCHETB. rPNOIFE, YuFP RPUME FPZP, LBL CHSH ЪBDBDYFE RBTPMSh PF YNEOY RPMSHЪPCHBFEMS, CHBN OHTSOP VHDEF KHLBSCCHBFSH EZP FPMSHLP RPUME UVTPUB RTYCHYMEZYK, F.L. UETCHETKH EEE OE VHDEF YJCHEUFOP P FPN, UFP CHSH YYNEOMY RBTPMSH!
• rTY CHP'OILOPCHEY RTPVMENSH U DPUFKHRPN RTY YURPMSH'PCHBOY Perl-, PHP-, Python- YMY ODBC-RTPZTBNN, RPRTPVHKFE KHUFBOPCHYFSH UPEDYOOYE U UETCHETPN RTY RPNPEY LPNBODSCH mysql -u name db_name YMY LPNBODSCH mysql -u user_name -pyour_pass db_name . eUMY CHBY LMYEOF mysql PVEUREYUYCHBEF RPDUPEDOEOYE, FP RTPPVMENB UCHSBOB OE U RTYCHYMEZYSNY DPUFKHRB, BU CHBYEK RTPZTBNNPK. (bNEFYN, YuFP NETSDH -p Y RBTPMEN RTPVEMB OEF; DMS ЪBDBOYS RBTPMS NPTsOP FBLCE YURPMSHЪPCHBFSH UYOFBLUYUEULHA UFTHHLFHTH --password=your_pass . eUMY CHSH YURPMSHЪHEFE FP MSHLP UBNKH PRGYA -p, MySQL ЪBRTPPUYF KH CHBU RBTPMSH)
• rTY FEUFYTPCHBOY ЪBRHULBKFE DENPO mysqld U PRGYEK --skip-grant-tables . fPZDB CHSC UNPTSEFE YYNEOSFSH FBVMYGSH RTYCHYMEZYK MySQL Y U RPNPESH ULTYRFB mysqlaccess RTPCHETSFSH, RTPYYCHEMY MY UDEMBOOSCH CHBNY YYNEOOYS TSEMBENSCHK LZHZHELF. eUMY TEJHMSHFBFSH CHBU KHUFTBYCHBAF, CHSHRPMOYFE LPNBODH mysqladmin flush-privileges , YUFPVSH RTYLBBFSH UETCHETKH mysqld RTYUFKHRYFSH L YURPMSHJPCHBOYA OPCHSHCHI FBVMYG RTYCHYMEZYK . CHOYNBOYE: RETEЪBZTHЪLB FBVMYG RTYCHYMEZYK PFNEOSEF PRGYA --skip-grant-tables . ьФП РПЪЧПМСЭФ ЪБУФБЧИФШ УЭЦП КРТУУФХРИФШ L YURPMSHЪPCHBOYA OPCHSHCHI FBVMYG RTYCHYMEZYK VEЪ OBCHETYEOYS EZP TBVPFSH Y RETEЪBZTHЪLY.
• eUMY OYUEZP OE RPNPZBEF, ЪBRHUFFYFE DENPO mysqld daemon U PRGYEK PFMBDLY (OBRTYNET --debug=d,general,query). h TEЪKHMSHFBFE VKhDEF CHCHCHEDOB YOZHPTNBGYS P OEKHDBYUOSCHI RPDUPEDOEOYSI, U KHLBBOYEN IPUFB Y RPMSHЪPCHBFEMS, B FBLCE PVP CHUEI PVTBVPFBOOSCHI LPNBODBY. pVTBFYFEUSH L TBDEMH See section E.1.2 UPDBOYE FTBUUYTPCHPUOSHI ZHBKMPCH.
• eUMY X CHBU YNEEFUS LBLBS-MYVP RTPVMENB U FBVMYGBNY RTYCHYMEZYK MySQL Y CHSH RPMBZBEFE, YuFP OEPVIPDYNP UPPVEYFSH P OEK CH URYUPL TBUUSCHMLY, OHTsOP PVSBFEMSHOP RTYMPTSY FSH L UCHPENH PFUEFH TBUREYUBFLH FBVMYG RTYCHYMEZYK MySQL. lFP NPTsOP UDEMBFSH U RPNPESH LPNBODSCH mysqldump mysql . pFUEF P RTPVMENE, LBL Y CH DTHZYI UMHYUBSI, PFRTBCHMSEFUS U RPNPESH ULTYRFB mysqlbug . pVTBFYFEUSH L TBDEMH See section 1.8.1.3 lBL PFRTBCHMSFSH PFUEFSH PV PYYVLBY YMY RTPVMENBI. h OELPFPTSCHI UMKHUBSI DMS CHSHRPMOEOYS ULTYRFB mysqldump CHPNPTsOP, RPFTEVHEFUS RETEBRKHUFYFSH mysqld U PRGYEK --skip-grant-tables .

In the morning, one of the developers of a corporate application contacted the support service. He could not make a copy from the MS SQL Server database, and asked to find out the cause of the error.

The first thing to start with is to check the error for reproducibility.
Let's try to make a copy with the command:
BACKUP DATABASE TO DISK=N"\\FS1\Backup\sdb_full.bak" WITH COPY_ONLY

What else is COPY_ONLY?

WITH COPY_ONLY is a very useful switch. It will allow you not to disrupt the sequence of differential copies in the backup system

Indeed, an attempt to make a copy ended with an error:

What could cause this problem?

SQL Server runs under the built-in “Network Service” account

Just in case, we check the resolution of the FS1 server name using the short name and FQDN. Both names resolve and, importantly, point to the same server. Open the network folder, check permissions for NTFS and Share Permissions. Everything is fine, the SQL1 server account has write permission.

Maybe there are problems with NTLM, Kerberos? Let's try to make a backup using the server's FQDN.

BACKUP DATABASE TO DISK=N"\\FS1.contoso.test\Backup\sdb_full.bak" WITH COPY_ONLY

Interesting. Using FQDN, the backup was created successfully. What does it mean? Except that the situation has become even more confusing.

SQL Server cannot be restarted during business hours. I wouldn't want to stay overnight.

When nothing is clear, an administrator's best friend is Wireshark or Microsoft Network Monitor. If you take a good dump, you can either figure it out, or you can get really confused.

Installing Microsoft Network Monitor on a responsible server is theoretically a safe undertaking, but life so often makes adjustments to the most secure undertakings.

You can't reboot, and it's not advisable to install a monitor. Then we will use the Windows Event Tracing service.

Enabled tracing:
netsh trace start persistent=yes capture=yes tracefile=c:\temp\trace.etl
Repeated the backup command several times:
BACKUP DATABASE TO DISK=N"\\FS1\Backup\sdb_full.bak" WITH COPY_ONLY BACKUP DATABASE TO DISK=N"\\FS1\Backup\sdb_full.bak" WITH COPY_ONLY BACKUP DATABASE TO DISK=N"\\FS1\Backup \sdb_full.bak" WITH COPY_ONLY
Stop tracing:
netsh trace stop

Open the file in Microsoft Network Monitor on the administrator's workstation:

Every time you try to take a copy, the KDC_ERR_PREAUTH_REQUIRED event appears with the mysterious user DBAdmin. This is not an employee account, an administrator account, and SQL Server does not run under it.
KDC_ERR_PREAUTH_REQUIRED means the credentials are invalid.

But the backup is performed in the context of the “MS SQL Server” service, and it is launched under the “Network Service”. What does DBAdmin have to do with it?

Windows has a “Credentials Manager”, also known as “Credentials Manager”, which allows you to save credentials for various network resources. It can be called with the command “control userpasswords2” or “netplwiz”:

Let's check if there are alternative credentials stored for the FS1 server in the context of the computer account "SQL1\Network Service".

In order to run a process on behalf of another user, we will use psexec.

If we run psexec with the "-s" switch, we will get into the "Local System" context. Won't do.

In order to get into the “Network Service” context, run the utility with the following keys:
psExec.exe -i -u “nt authority\network service” cmd.exe

Let’s check whether the Access Denied error occurs in the “Network Service” context when accessing the FS1 server:

The error is reproduced.

Let's check the saved credentials. You won’t be able to run “control userpasswords2” without using Explorer. And no, there’s a utility called cmdkey.exe to work with “Credentials Manager” from the command line.

To display the saved credentials, run the command:
cmdkey /list

No stored credentials were found. Even more interesting.

So what we know so far:

1. In the context of the computer account “SQL1\Network Service”, when accessing the FS1 server via the SMB protocol, an Access Denied error is returned
2. When accessing the server using FQDN FS1.contoso.test no error is returned
3. The FS1 server is accessed using the DBAdmin account, which is not explicitly used anywhere
4. Credentials were not saved in the context "SQL1\Network Service" in Credentials Manager

If you connect a drive with the /savecred parameter, the credentials will be saved in Credentials Manager:

Net use \\FS1\Backup /persistent:yes /savecred
If you omit the /savecred parameter, the credentials will be saved in the service memory until a reboot
net use \\FS1\Backup /persistent:yes /user:DBAdmin
Let's check if we have any saved connections:
net use

Eat! Now it’s clear why an error was returned when accessing FS1, but not when accessing FS1.contoso.test.

Let's delete saved connections:

Net use * /delete

Checking the backup:

Problem solved.

What was the matter? The reason for the error is quite non-trivial. Inside a corporate application, on behalf of SQL Server, a network drive was mapped under the DBAdmin user, which was not subsequently disabled due to an error in the application. After some time, the DBAdmin user's password probably changed, or the server was rebooted. And here it is, the mysterious Access denied!

What conclusions can you draw for yourself?

1. When you perform a SQL Server backup, network resources are accessed as the SQL Server service account, not as the user who ran the BACKUP DATABASE command. You should keep this in mind when setting permissions.
2. Always take additional full backups with the WITH COPY_ONLY switch. SQL Server marks data pages that have changed since a full backup, and only the changed pages are included in the differential copy. It is logical that after each full backup, the state of the pages is cleared. The key allows you not to clear the page mark, and the sequence will not be broken.
3. In case of an “Access denied” error, it would be a good idea to check whether the error is repeated by host name, FQDN, or IP address.
4. You can get into the security context of the desired account by running psexec with the -U switch.
5. To display credentials from the key storage service, use the cmdkey utility.
6. To list saved connected network connections, use the net use command.

Thank you for your attention.