So I forgot what password I had set for the root user in MariaDB on my VPS. By default, Debian should set things up so that, if you are already logged in as root, a command like mariadb -u root should be sufficient to log you in with full root access, without having to specify a password. This depends on using a Unix socket connection, so the server can discover what credentials your process possesses, and control access accordingly. But this didn’t work (stopped working? never worked?) on my VPS for some reason. You can fix this by temporarily restarting mariadbd with the privilege system turned off with the --skip-grant-tables option: this lets you mess around inside the user privilege settings, and once you have fixed them, you restart the server process in the normal way, and all should be good. The global user privileges (i.e. not database/table-specific) are stored in the “global_priv” table in the “mysql” database. The “Priv” field for each user is a JSON blob with a whole bunch of stuff mashed together; I tried comparing this for the root@localhost entry with the same record on my own machine (where I have no trouble accessing databases as root), and narrowed the difference down to these specific items in the blob: Doesn’t work: "plugin":"unix_socket" Does work: "plugin":"mysql_native_password", "auth_or":[{},{"plugin":"unix_socket"}] (Note there was no “auth_or” item in the other field value.) So after delicately extracting the entire field value, doing the necessary edits and setting it back again (Remember all those lectures about avoiding unnormalized field values? This is why you should listen to your elders), I tried restarting mariadb in regular privilege-enforcing mode ... ... and it worked.