DevBrainiac Web Image
Articles
MCQ
SQL
Questions
Creatives
Tools
Tags
Jobs
Community
LogIn
I don't have account.

MySQL installation in Docker

DevSniper
267 Views

MySQL is one of the most popular open-source relational database management systems used by developers and enterprises worldwide. Docker container is a great way to manage and deploy databases in a portable and isolated environment. In this article, we will walk through the steps by step to install and run MySQL in Docker.

1. Install Docker

Before proceeding, make sure that Docker has been installed on your computer. can verify by below docker version command.

docker --version

If Docker is not installed, download it from https://www.docker.com/products/docker-desktop and follow the installation instructions for your OS.

2. Download the MySQL Docker Image

To run MySQL in a containerized environment using Docker, the first step is to download (pull) the official MySQL image from Docker Hub, which is the central repository for Docker images.

To install MySQL take pull the official MySQL image from Docker Hub. 
docker pull mysql/mysql-server

This command pulls the default latest stable version from the mysql/mysql-server image repository.

for specific version of mysql, use below command
docker pull mysql/mysql-server:8.0.28
How to Find Available Versions?

You can explore all available MySQL image versions on the Docker Hub page here. Explore versions on Docker Hub

3. Verify the Downloaded Image

Now , Let's verify is image present or not. To confirm that the image has been downloaded successfully, list all Docker images on your system. Following command will provide list of images of your system.
docker images

You should see an entry for mysql/mysql-server in the list.

4. Start the MySQL Container

Once you've pulled the MySQL Docker image, the next step is to run a MySQL container using that image. This is done using the following docker run command.

docker run --name='my-sql-container' -d -p 3306:3306 mysql/mysql-server

Let’s understand what each part of this command does

  • docker run :- To start /run docker container
  • --name='my-sql-container' :- To defined the name of the container, if we run command without this argument name will be generated automatically.
  • -d :- It's a very important argument. It ensures that the container in detached mode will be running
  • -p 3306:3306 :- It's used for mapping port from a docker container to host port. MySQL is running on port 3306. I mapped exactly this port outside of container.
  • mysql/mysql-server :- Name of our docker image
Verify Your Running Containers

Once you have started your MySQL container, it’s important to confirm that it's running properly. Docker provides a simple command to view all active (running) containers. To get all running containers run below docker command

docker ps

The docker ps command shows a list of all currently running containers. It provides helpful details like

  • CONTAINER ID – A unique identifier for the container.
  • IMAGE – The Docker image used (e.g., mysql/mysql-server)
  • COMMAND – The command used to start the container
  • STATUS – Whether the container is up and running
  • PORTS – Port mappings between host and container (e.g., 0.0.0.0:3306->3306/tcp)
  • NAMES – The name of your container (e.g., my-sql-container)
Example
CONTAINER ID   IMAGE                COMMAND                  STATUS         PORTS                    NAMES
a1b2c3d4e5f6   mysql/mysql-server   "/entrypoint.sh mysqld"  Up 2 minutes   0.0.0.0:3306->3306/tcp   my-sql-container

If you want to see all containers, not just the running ones, you can use

docker ps -a

This shows containers in all states: running, exited or stopped.

5. Setting MySql Root User Password

When the container starts, MySQL automatically generates a temporary password for the root user. To access MySQL securely, you’ll need to retrieve this password and then change it to something permanent. Run below command to fetch default passsword of MySql root user
docker logs my-sql-container
OR

To extract only the password from log

docker logs my-sql-container 2>&1 | grep PASSWORD

Login with root user : Use the password you just fetched to access the MySQL shell

docker exec -it my-sql-container mysql -u root -p

Once logged in to the MySQL shell, immediately change the root password to something secure and memorable. Change root user password with other new password(any password) by following query

ALTER USER 'root'@'localhost' IDENTIFIED BY 'newpassword';

6. Create a New MySQL User

Once you're inside the MySQL shell (using the root user), you may want to create a new user for security, development or access control purposes.

To create a new user (e.g. ram), run the following SQL commands
CREATE USER 'ram'@'%' IDENTIFIED BY 'ram@12345';

Tip : '%' means this user can connect from any host. You can replace % with a specific IP or hostname for stricter access.

Grant Privileges to the User

can provide access to user by following query. (providing full access to ram you can assign limited access as per your requirement)

GRANT ALL PRIVILEGES ON *.* TO 'ram'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;

Explanation

  • ALL PRIVILEGES : Grants full access (CREATE, INSERT, DELETE etc.).
  • *.* : Applies privileges to all databases and tables.
  • WITH GRANT OPTION : Allows this user to grant privileges to others.
  • FLUSH PRIVILEGES : This ensures that the updated permissions take effect immediately

Frequently Asked Questions (FAQs)

1. How do I grant full access to a user on all databases?

GRANT ALL PRIVILEGES ON *.* TO 'user'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
  • *.* : Applies to all databases and all tables.
  • WITH GRANT OPTION : Allows the user to grant permissions to others.

2. How do I grant access to only one specific database?

GRANT ALL PRIVILEGES ON mydb.* TO 'user'@'%';
FLUSH PRIVILEGES;

mydb.*: Access limited to a single database mydb.

3. How do I give read-only access to a user?

GRANT SELECT ON mydb.* TO 'readonly_user'@'%';
FLUSH PRIVILEGES;
  • SELECT : Allows the user to only read data.

4. How do I grant access to only a single table?

GRANT SELECT, INSERT ON mydb.customers TO 'user'@'%';
FLUSH PRIVILEGES;
  • mydb.customers : Targeting a single table.
  • SELECT, INSERT : Allows reading and inserting data only.

5. How do I create a user with permission to create databases?

GRANT CREATE ON *.* TO 'user'@'%';
FLUSH PRIVILEGES;
  • CREATE : Grants permission to create databases

6. How do I revoke all access from a user?

REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user'@'%';
FLUSH PRIVILEGES;
  • Completely removes all privileges from the user.

7. How to allow access from localhost only?

CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON mydb.* TO 'user'@'localhost';
FLUSH PRIVILEGES;
  • 'localhost': This user will only be able to connect from the local machine (inside the container if using Docker).

8. How to show current privileges of a user?

SHOW GRANTS FOR 'user'@'%';
  • This query will display all permissions granted to the user.

9. How to delete (drop) a user?

DROP USER 'user'@'%';
  • This query will permanently deletes the user from MySQL.

10. How do I give a user only INSERT and UPDATE permissions on specific tables?

GRANT INSERT, UPDATE ON mydb.orders TO 'user'@'%';
FLUSH PRIVILEGES;
  • Use this when users should write data but not read or delete it.

11. How do I allow a user to create and alter tables but not drop them?

GRANT CREATE, ALTER ON mydb.* TO 'developer'@'%';
FLUSH PRIVILEGES;
  • Useful for developers who can build schema but shouldn’t drop it accidentally.

12. How to give a user EXECUTE permission (for stored procedures or functions)?

GRANT EXECUTE ON mydb.* TO 'user'@'%';
FLUSH PRIVILEGES;
  • Required to run stored procedures and functions in MySQL.

13. How do I limit a user’s access to only perform DELETEs?

GRANT DELETE ON mydb.logs TO 'cleaner_user'@'%';
FLUSH PRIVILEGES;
  • DELETE ON mydb.logs: This user can only perform DELETE operations on the logs table inside the mydb database.
  • Suitable for data cleanup or maintenance bots.

14. Can I limit user access based on IP address?

Yes. You can control access using host specification.

CREATE USER 'user'@'192.168.1.100' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON mydb.* TO 'user'@'192.168.1.100';
FLUSH PRIVILEGES;
  • Limits access to a specific machine (192.168.1.100) only.
  • Denies access from all other IP addresses, even if the credentials are correct

If the user already exists and you want to change the allowed IP, you can drop and recreate the user

DROP USER 'user'@'%';
CREATE USER 'user'@'192.168.1.100' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON mydb.* TO 'user'@'192.168.1.100';
FLUSH PRIVILEGES;
  • ⚠️ Make sure you back up any existing privileges before dropping users.
  • Always restrict by IP when possible for enhanced security, especially in production environments.
  • Use % (any host) only for internal development or tightly firewalled infrastructure.

15. How do I create a user that can only monitor database performance (no data access)?

-- Create the user with a secure password
CREATE USER 'monitor'@'%' IDENTIFIED BY 'monitor@123';

-- Grant only monitoring-related privileges
GRANT PROCESS, SHOW DATABASES, SHOW VIEW ON *.* TO 'monitor'@'%';

-- (Optional) Allow SELECT on system schemas for deeper monitoring
GRANT SELECT ON performance_schema.* TO 'monitor'@'%';
GRANT SELECT ON information_schema.* TO 'monitor'@'%';

-- Apply changes
FLUSH PRIVILEGES;

16. What is the difference between WITH GRANT OPTION and without it?

With WITH GRANT OPTION : The user can delegate their own privileges to other users. Think of it like giving someone permission and the ability to pass it on to others.

Without WITH GRANT OPTION : The user can use their privileges but cannot grant them to others. They’re allowed to do things themselves, but not assign those same rights to anyone else.

-- Grants SELECT with permission to pass it on
GRANT SELECT ON mydb.* TO 'alice'@'%' WITH GRANT OPTION;

-- Grants SELECT without that permission
GRANT SELECT ON mydb.* TO 'bob'@'%';
Feature / Behavior ✅ With GRANT OPTION 🚫 Without GRANT OPTION
Can use assigned privileges ✅ Yes ✅ Yes
Can delegate privileges to other users ✅ Yes — can run GRANT for privileges they hold ❌ No — cannot grant privileges to others
Can manage other users’ access ✅ Yes (for the same privileges they have) ❌ No
Risk of privilege escalation ⚠️ Higher — user may unintentionally open access 🔐 Lower — safer and more restricted
Commonly used for Admins, lead developers, trusted DB managers Application users, analysts, limited-role users

17. How do I revoke only some specific privileges without removing all?

To revoke specific privileges from a user in MySQL without removing all, you can use the REVOKE statement, which allows precise control.

REVOKE privilege_type[, ...] ON database.table FROM 'user'@'host';
Example
REVOKE INSERT, DELETE ON mydb.orders FROM 'user'@'%';
FLUSH PRIVILEGES;

18 . How can I reset a user's privileges from scratch?

To reset a user's privileges from scratch in MySQL, you essentially want to remove all current privileges and then optionally grant only the required ones or Delete User’s and after that create a new user do this only if you want to fully reset including roles/metadata (usually not necessary).

REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'username'@'host';

Then assign only the needed privileges again.