Suppressing MySQL Command‑Line Warning Messages in Linux Shell

A client asked for a detailed guide on how to hide the annoying warning message that MySQL prints when it is invoked from a Linux shell, such as:

root@ytt-ubuntu18:/home/ytt# mysql -uytt -proot -e "select version()"
mysql: [Warning] Using a password on the command line interface can be insecure.
+-----------+
| version() |
+-----------+
| 8.0.29    |
+-----------+

The warning clutters command output, so the article lists six possible solutions.

1. Use an empty password (not recommended)

Creating a user with no password removes the warning but is extremely insecure, similar to MySQL’s --initialize-insecure option.

root@ytt-ubuntu18:/home/ytt# mysql -u ytt_no_pass -e "select user()"
+-----------------------+
| user()                |
+-----------------------+
| ytt_no_pass@localhost |
+-----------------------+

2. Put credentials in configuration file sections (not recommended)

Add user and password entries to my.cnf, mysql.cnf, or mysqld.cnf under the appropriate groups.

# /etc/mysql/conf.d/mysql.cnf
[mysql]
prompt=mysql:\d:\v>
user=ytt
password=root
port=3340
[mysqldump]
user=ytt
password=root
port=3340
[mysqladmin]
user=ytt
password=root
port=3340

Placing the settings under [client] makes them apply to all client tools without restarting the server.

# /etc/mysql/conf.d/mysql.cnf
[client]
user=ytt
password=root
port=3340

Afterwards the warning disappears:

root@ytt-ubuntu18:/home/ytt# mysql -e "select user()"
+---------------+
| user()        |
+---------------+
| ytt@localhost |
+---------------+

3. Set MySQL environment variables (not recommended)

Export variables such as MYSQL_PWD and MYSQL_TCP_PORT for the current user.

root@ytt-ubuntu18:/home/ytt# export MYSQL_PWD=root MYSQL_TCP_PORT=3340
root@ytt-ubuntu18:/home/ytt# mysql -uytt -e "select user()"
+---------------+
| user()        |
+---------------+
| ytt@localhost |
+---------------+

This method is discouraged because other users can read the password via ps.

root@ytt-ubuntu18:/home/ytt# ps aex | grep MYSQL_PWD | grep -v 'grep'
7592 pts/0 S+ 0:00 mysql -uytt -e select sleep(1000) ... MYSQL_PWD=root ... MYSQL_TCP_PORT=3340 ...

4. Redirect standard error to /dev/null (recommended)

root@ytt-ubuntu18:/home/ytt# mysql -uytt -proot -P3340 -e "select version()" 2>/dev/null
+-----------+
| version() |
+-----------+
| 8.0.29    |
+-----------+

This uses the shell’s file‑descriptor 2 to discard error output.

5. Use mysql_config_editor to create a login path (recommended)

The tool stores credentials securely and lets you reuse them with the --login-path option.

root@ytt-ubuntu18:/home/ytt# mysql_config_editor set -G user_ytt -S /var/run/mysqld/mysqld.sock -u ytt -p
Enter password:

Then run any client command like:

root@ytt-ubuntu18:/home/ytt# mysql --login-path=user_ytt -e 'select user()'
+---------------+
| user()        |
+---------------+
| ytt@localhost |
+---------------+
root@ytt-ubuntu18:/home/ytt# mysqladmin --login-path=user_ytt ping
mysqld is alive

Note: the login path is per‑system‑user; other users must create their own.

6. Use the Unix socket authentication plugin (recommended, local only)

Configure the MySQL account to use auth_socket, which authenticates via the OS user name.

mysql> ALTER USER ytt@localhost IDENTIFIED WITH auth_socket;
Query OK, 0 rows affected (0.00 sec)
mysql> \q
Bye

Switch to the OS user and connect without a password:

root@ytt-pc-big:/home/ytt# su ytt
ytt@ytt-pc-big:~$ mysql -e "select user(),current_user()"
+---------------+----------------+
| user()        | current_user() |
+---------------+----------------+
| ytt@localhost | ytt@localhost  |
+---------------+----------------+

Security reminder: MySQL privileges should be granted on a need‑to‑know basis.

Keywords: #MySQL password‑less login #MySQL security