I have a somewhat annoying issue that ought to be trivial but I cannot figure it out. I am running on a Ubuntu Linux system (Focal); I have a mongo (version 5.0.3) database with authentication enabled. I cannot find a command line that will drop me into the mongo shell for the database I want. Could someone please lend me a clue?
If I issue the command mongosh -u mongoAdmin -p '<password>' mongodb://127.0.0.1/ I get into the mongo shell using the test database. To get to my database db-name, I need to issue the command use db-name.
If I issue the command mongosh -u mongoAdmin -p '<password>' mongodb://127.0.0.1/db-name I get an error message:
Current Mongosh Log ID: 617d0f78622b00d5095d474d
Connecting to: mongodb://127.0.0.1/db-name?directConnection=true&serverSelectionTimeoutMS=2000
MongoServerError: Authentication failed.
Users I have configured in the admin database:
[
{
_id: 'admin.mongoAdmin',
userId: UUID("6dbdd918-02c4-4000-b5e4-ff59db9f86ed"),
user: 'mongoAdmin',
db: 'admin',
roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ],
mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
}
]
The missing piece was I needed to specify the authentication database on the command line. This command works:
mongosh mongodb://127.0.0.1/db-name -u mongoAdmin -p '<password>' --authenticationDatabase admin
Related
From the documentation:
The localhost exception allows you to enable access control and then
create the first user in the system. With the localhost exception,
after you enable access control, connect to the localhost interface
and create the first user in the admin database. The first user must
have privileges to create other users, such as a user with the
userAdmin or userAdminAnyDatabase role.
So I run the latest mongo with enabled access control (--auth):
docker run -p 27017:27017 mongo --auth
connect with my shell and try to create the admin user:
mongo
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
> use admin
switched to db admin
> db.createUser(
... {
... user: "admin",
... pwd: "password",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
... }
... )
2018-10-03T15:29:30.234+0200 E QUERY [js] Error: couldn't add user: command createUser requires authentication :
_getErrorWithCode#src/mongo/shell/utils.js:25:13
DB.prototype.createUser#src/mongo/shell/db.js:1491:15
#(shell):1:1
What am I doing wrong?
You are not connecting to localhost but to the exported port.
For the exception to work you need to connect to localhost from within the container.
E.g.:
docker exec -it `docker ps --filter ancestor=mongo --format "{{.ID}}"` mongo
I know this is a basic security measure, but I can't make it works with my mongodb installation. Each time I run the command :
mongorestore dump_folder -u "username" -p "password"
It returns:
error reading database: not authorized on DATABASE_NAME to execute command { listCollections: 1, cursor: { batchSize: 0 } }
My question is : What is the permission that I need to enable and how ?
For the time being, I just turn off the Mongo's security in /etc/mongod.conf and start it back after I restore/dump my databases.
Additional Note:
This is how I prepared my databases and its user
I log in with my admin account, create a database, named DATABASE001
And create a user:
use DATABASE001
db.createUser({
user: "USER001",
pwd: "mypassword",
roles:[ { role: "readWrite", db: "DATABASE001" },"dbAdmin" ]
})
For roles, I add readWrite to DATABASE001 and also dbAdmin
I want this user (USER001) be able to backup or restore his database (DATABASE001).
I tested it by login with this command. It successfully logged in
mongo localhost -u USER001 -p mypassword --authenticationDatabase DATABASE001
I want to dump this database content with:
mongodump -u USER001 -p mypassword --authenticationDatabase DATABASE001
it throws me an error:
Failed: error getting database names: not authorized on admin to execute command { listDatabases: 1 }
What is this listDatabases ? how can I add it to my roles?
$ mongorestore --username adminUser --password pass123 --authenticationDatabase admin --db exampleDB dump/exampleDB
I try to create a backup of my MongoDB replicaset but I have an authentication problem :D .
So when I try to use mongodump
root#e03c2a89ac31:/# mongodump -u myBackupAccount -p 123456 --host mongo1 --out /home/backup
2017-01-17T11:00:41.069+0000 Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.
root#e03c2a89ac31:/# mongodump -u myBackupAccount -p 123456 --host mongo1 --authenticationDatabase admin --out /home/backup
2017-01-17T12:37:45.819+0000 Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.
But if I try with a mongo shell, I can connect to my instance
root#e03c2a89ac31:/# mongo -u myBackupAccount -p 123456 --host mongo1
MongoDB shell version v3.4.1
connecting to: mongodb://mongo1:27017/
MongoDB server version: 3.4.1
REPLICASET_NAME:PRIMARY> exit
My backup user was created with that command
root#e03c2a89ac31:/# mongo -u myUserAdmin --authenticationDatabase "admin" -p 123456
MongoDB shell version v3.4.1
connecting to: mongodb://mongo1:27017/
MongoDB server version: 3.4.1
REPLICASET_NAME:PRIMARY> db.createUser({user: "myBackupAccount", pwd: "123456", roles: [ { role: "backup", db: "admin" } ]})
So do you know why it isn't working ?
I did somethings bad ? :p
Thanks in advance for your help ;)
I'm rather new with MongoDB and I'm trying to add a admin account into my MongoDB whithout any users at this point.
Using this command: mongo --port 27017 -u manager -p 123456 --authenticationDatabase admin
I receive this error:
Kind regards.
Let me explain the reason why its not working. mongo db refers to users collection to validate the login user.
By default mongodb doesnt provide any user login like manager, using which your were trying to login
Thus the below command is not working
mongo --port 27017 -u manager -p 123456 --authenticationDatabase admin
To make the below command to work. You need to add user "manager" to mongodb user collection.
To create user run the below command:
db.addUser( { user: "manager",
pwd: "123456",
roles: [ "userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase"
] } )
Once you have the user created, below command work.
mongo --port 27017 -u manager -p 123456 --authenticationDatabase admin
I use the latest mongo, and try to set the SuperUserAdmin as described in the Mongo Doc.
1) Start ./mongod --dbpath ../data without auth
2) Run ./mongo
3) [mongo shell]: use admin
4) [mongo shell]: db.addUser( { user: "admin",
pwd: "abcde1234",
roles: [ "userAdminAnyDatabase" ] } )
5) [mongo shell]: db.shutdownServer()
then i restart mongod with auth:
6) ./mongod --auth --dbpath ../data
7) Run mongo (as localhost) again: ./mongo -u admin -p abcde1234
Then i get this error:
Javascript executiion failed: Error: 18 {code:18, ok:0.0, errmsg: 'auth fails'} at src/mongo/shell/db.js:L228
I tried different username &password, same thing..
what am i missing? I'm running on my Mac.
anyone has any idea?
Role userAdminAnyDatabase allows for users administration only. This is why if new account has only this role, it can be authenticated only to database "admin", i.e. mongo -u admin -p abcde1234 localhost/admin should work.
You probably want to add role dbAdminAnyDatabase as well.
try
mongo admin -u admin -p abcde1234
otherwise you will connect to test database and admin can't.