MySQL 5.7 Reference Manual Including MySQL NDB Cluster 7.5 and NDB Cluster 7.6

4.4.2 mysql_install_db — Initialize MySQL Data Directory


mysql_install_db is deprecated as of MySQL 5.7.6 because its functionality has been integrated into mysqld, the MySQL server. To initialize a MySQL installation, invoke mysqld with the --initialize or --initialize-insecure option. For more information, see Section 2.10.1, “Initializing the Data Directory”. mysql_install_db will be removed in a future MySQL release.

mysql_install_db handles initialization tasks that must be performed before the MySQL server, mysqld, is ready to use:

Before MySQL 5.7.5, mysql_install_db is a Perl script and requires that Perl be installed. As of 5.7.5, mysql_install_db is written in C++ and supplied in binary distributions as an executable binary. In addition, a number of new options were added and old options removed. If you find that an option does not work as you expect, be sure to check which options apply in your version of mysql_install_db (invoke it with the --help option).

Secure-by-Default Deployment

Current versions of mysql_install_db produce a MySQL deployment that is secure by default. It is recommended that you use mysql_install_db from MySQL 5.7.5 or up for best security, but version-dependent information about security characteristics is included here for completeness (secure-by-default deployment was introduced in stages in MySQL 5.7).

MySQL 5.7.5 and up is secure by default, with these characteristics:

MySQL 5.7.4 is secure by default, with these characteristics:

MySQL 5.7.3 and earlier are not secure by default, with these characteristics:

If mysql_install_db generates a random administrative password, it writes the password to a file and displays the file name. The password entry includes a timestamp to indicate when it was written. By default, the file is .mysql_secret in the home directory of the effective user running the script. .mysql_secret is created with mode 600 to be accessible only to the operating system user for whom it is created.


When mysql_install_db generates a random password for the administrative account, you must do the following after running mysql_install_db: start the server, connect using the administrative account with the password written to the .mysql_secret file, and specify a new administrative password. Until this is done, the administrative account cannot be used for anything else. To change the password, you can use the SET PASSWORD statement (for example, with the mysql or mysqladmin client). After resetting the password, remove the .mysql_secret file; otherwise, if you run mysql_secure_installation, that command may see the file and expire the root password again as part of ensuring secure deployment.
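The state check implied by the two paragraphs above, as an added example that is not part of the MySQL manual: a POSIX shell function that reports whether the random-password file is gone, still awaiting the password reset, or accessible beyond its owner. The function and helper names are hypothetical; the default path is the .mysql_secret location described above.

```shell
#!/bin/sh
# Added example (not from the MySQL manual): audit the random-password file
# that mysql_install_db writes. Function names are hypothetical.
# audit_mysql_secret prints one word:
#   absent  - no file: the expected state once the password has been reset
#   pending - regular file, owned by the caller, no group/other access:
#             connect as the administrative account, run SET PASSWORD,
#             then remove the file
#   exposed - anything else (wrong owner, extra permission bits, symlink)

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the numeric uid that owns a file.
file_uid() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

audit_mysql_secret() {
    secret=${1:-"$HOME/.mysql_secret"}

    if [ ! -e "$secret" ] && [ ! -L "$secret" ]; then
        echo absent
        return 0
    fi

    # The page describes a regular file; treat a symlink or anything else
    # at this path as a finding rather than following it.
    if [ -L "$secret" ] || [ ! -f "$secret" ]; then
        echo exposed
        return 0
    fi

    mode=$(file_mode "$secret")
    owner=$(file_uid "$secret")

    # Mode 600 is what the page states; any mode with zero group and
    # other bits (for example 400) is equally private.
    case "$mode" in
        [0-7]00) [ "$owner" = "$(id -u)" ] && echo pending || echo exposed ;;
        *)       echo exposed ;;
    esac
}
```

Call `audit_mysql_secret` with no argument to check `~/.mysql_secret`, or pass the path given to --random-password-file.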

Invocation Syntax

Several changes to mysql_install_db were made in MySQL 5.7.5 that affect the invocation syntax. Change location to the MySQL installation directory and use the command appropriate to your version of MySQL:

Because the MySQL server, mysqld, must access the data directory when it runs later, you should either run mysql_install_db from the same system account that will be used for running mysqld, or run it as root and specify the --user option to indicate the user name that mysqld will run as. It might be necessary to specify other options such as --basedir if mysql_install_db does not use the correct location for the installation directory. For example:

shell> bin/mysql_install_db --user=mysql \
         --basedir=/opt/mysql/mysql

After mysql_install_db sets up the InnoDB system tablespace, changes to some tablespace characteristics require setting up a whole new instance. This includes the file name of the first file in the system tablespace and the number of undo logs. If you do not want to use the default values, make sure that the settings for the innodb_data_file_path and innodb_log_file_size configuration parameters are in place in the MySQL configuration file before running mysql_install_db. Also make sure to specify as necessary other parameters that affect the creation and location of InnoDB files, such as innodb_data_home_dir and innodb_log_group_home_dir.

If those options are in your configuration file but that file is not in a location that MySQL reads by default, specify the file location using the --defaults-extra-file option when you run mysql_install_db.


If you have set a custom TMPDIR environment variable when performing the installation, and the specified directory is not accessible, mysql_install_db may fail. If so, unset TMPDIR or set TMPDIR to point to the system temporary directory (usually /tmp).

Administrative Account Creation

mysql_install_db creates an administrative account named 'root'@'localhost' by default. (Before MySQL 5.7.4, mysql_install_db creates additional root accounts, such as 'root'@''. This is no longer done.)

As of MySQL 5.7.5, mysql_install_db provides options that enable you to control several aspects of the administrative account:

For more information, see the descriptions of those options.

mysql_install_db assigns mysql.user system table rows a nonempty plugin column value to set the authentication plugin. The default value is mysql_native_password. The value can be changed using the --admin-auth-plugin option in MySQL 5.7.5 and up (as noted previously), or by setting the default_authentication_plugin system variable in MySQL 5.7.2 to 5.7.4.

Default my.cnf File

As of MySQL 5.7.5, mysql_install_db creates no default my.cnf file.

Before MySQL 5.7.5, mysql_install_db creates a default option file named my.cnf in the base installation directory. This file is created from a template included in the distribution package named my-default.cnf. You can find the template in or under the base installation directory. When started using mysqld_safe, the server uses the my.cnf file by default. If my.cnf already exists, mysql_install_db assumes it to be in use and writes a new file named my-new.cnf instead.


As of MySQL 5.7.18, my-default.cnf is no longer included in or installed by distribution packages.

With one exception, the settings in the default option file are commented and have no effect. The exception is that the file sets the sql_mode system variable to NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES. This setting produces a server configuration that results in errors rather than warnings for bad data in operations that modify transactional tables. See Section 5.1.10, “Server SQL Modes”.

Command Options

mysql_install_db supports the following options, which can be specified on the command line or in the [mysql_install_db] group of an option file. For information about option files used by MySQL programs, see Section, “Using Option Files”.

Before MySQL 5.7.5, mysql_install_db passes unrecognized options to mysqld.

Table 4.7 mysql_install_db Options

Option Name Description Introduced Removed
--admin-auth-plugin Administrative account authentication plugin 5.7.5
--admin-host Administrative account name host part 5.7.5
--admin-require-ssl Require SSL for administrative account 5.7.5
--admin-user Administrative account name user part 5.7.5
--basedir Path to base directory
--builddir Path to build directory (for out-of-source builds)
--cross-bootstrap For internal use 5.7.5
--datadir Path to data directory
--defaults Read default option files 5.7.5
--defaults-extra-file Read named option file in addition to usual option files
--defaults-file Read only named option file
--extra-sql-file Optional SQL file to execute during bootstrap 5.7.5
--force Run even if DNS does not work 5.7.5
--help Display help message and exit
--insecure Do not generate administrative account random password 5.7.5
--keep-my-cnf Keep existing my.cnf file, do not create new one 5.7.4 5.7.5
--lc-messages Locale for error messages 5.7.5
--lc-messages-dir Directory where error messages are installed 5.7.5
--ldata Synonym for --datadir 5.7.5
--login-file File to read for login path information 5.7.5
--login-path Read login path options from .mylogin.cnf 5.7.5
--mysqld-file Path to mysqld binary 5.7.5
--no-defaults Read no option files
--random-password-file File in which to write administrative account random password 5.7.5
--random-passwords Generate administrative account random password 5.7.4
--rpm For internal use 5.7.5
--skip-name-resolve Use IP addresses rather than host names in grant tables 5.7.5
--skip-random-passwords Do not generate administrative account random password 5.7.4 5.7.5
--skip-sys-schema Do not install or upgrade the sys schema 5.7.7
--srcdir For internal use
--user Operating system user under which to execute mysqld
--verbose Verbose mode
--version Display version information and exit 5.7.5
--windows For internal use 5.7.5