i have a mongodb database on a windows server and i already created a user on it with below command and it work fine for remote users, but still someone with access on windows server can run mongod command without auth parameter and then he can access the database, how can i prevent this from happening, i couldn't find any solution on web
thanks
db.createUser({
user: "accountAdmin01",
pwd: passwordPrompt(),
roles: [{role: "readAnyDatabase", db: "admin"}, "readWrite"]
})
A user with access to the database's files can copy the files to their own computer and run the database themselves.
Any human being with the ability to log in to the database's user account has full access to the database's files.
Thanks D.SM, it solved by creating different account on the vps with no read/write access on db folder by the others
Related
I'm trying to add an admin user in Mongo, but I'm having trouble.
I already have auth = true commented out inside /etc/mongodb.conf.
When I run Mongo, I run these commands in order:
mongo
use admin
db.createUser({user:"admin",pwd:"password",roles:["root"]});
When I do so, I encounter the following error:
2020-10-11T04:50:50.714+0000 E QUERY [thread1] Error: couldn't add user: there are
no users authenticated :
_getErrorWithCode#src/mongo/shell/utils.js:25:13
DB.prototype.createUser#src/mongo/shell/db.js:1437:15
#(shell):1:1
I'm not sure exactly how to create an admin user if I have to log in as an admin user to do so. Any help is appreciated!
You don't have to disable authentication. With authentication enabled you can still logon to your MonogDB without username/password. However, as soon as you create the first user with userAdmin or userAdminAnyDatabase role the access control becomes active and you have to authenticate.
This behavior is called Localhost Exception
Is this the first user to try to create? Perhaps another admin user already exist. See also How do I create a the first mongodb user with authorization enabled?
I just gave up and started over with a new database, after exporting the old one as a backup.
For creating a user you will have to have a user in admin database first. So while creating user you need to provide db name and role both. Try creating user with below syntax.
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "password"
roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
}
)
Reference-
https://docs.mongodb.com/manual/tutorial/enable-authentication/
I am trying to make an admin user, which can authenticate to any database. When I do something like this:
db.createUser({
"user": "admin",
"pwd": "adminPassword",
"roles": [
"userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase"
]
});
It works fine when connecting to the admin database. However, it doesn't work when I try something like this: mongodb://admin:adminPassword#localhost:27017/someDatabaseHere. I cannot authenticate to someDatabaseHere unless I authenticate to the admin database first, then go change stuff around in someDatabaseHere afterwards.
I really want to get the URI working as above, without needing to create an user for each database afterwards.
Alternatively, I would like to authenticate locally without credentials (simply mongodb://localhost:27017/someDatabaseHere) but require credentials remotely. That could work as well.
unless I authenticate to the admin database first, then go change stuff around in someDatabaseHere afterwards.
Currently (as of MongoDB 3.4.10), this is how the authentication mechanism works. This is the purpose of the --authenticationDatabase parameter. If the user is defined in the admin database, then it should have access to all databases on the server, existing or not.
I would like to authenticate locally without credentials
Currently this is not possible, since MongoDB uses a role-based authentication scheme and not IP-based authentication.
We have installed MongoDB in AWS and it is running in without Authentication mode. But we want to run MongoDB instance in authentication mode. We have added the line security:
authorization: "enabled" in mongod.conf file . But still we are able to connect our database without any credentials.
You are able to login because of localhost exception, you can login in DB to create users, as you haven't created any yet. As mentioned in mongodb site.
You can create users either before or after enabling access control.
If you enable access control before creating any user, MongoDB
provides a localhost exception which allows you to create a user
administrator in the admin database. Once created, you must
authenticate as the user administrator to create additional users as
needed.
After it you should create Admin user with role userAdminAnyDatabase, and you will be able to create this user even mongod is started with --auth or not. you can create this user by below command.
use admin
db.createUser(
{
user: "myAdmin",
pwd: "123adc",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
And then create other users, for more detail you can go to another answer given by me.
https://stackoverflow.com/a/40058794/3879440
I've an annoying problem with my mongo db (v2.6). I've added a root user to it, with role:
{role: "root", db: "admin"}
My problem is, that I wanted to set authentication for other databases, but I can add user, without command line. I've used this in command line:
db.createUser({user: "dbuser", pwd: "dbpass", roles: ["dbAdmin"]})
It's ok. But I'm not a true command-line-lover, so I like AdminUIs. I'm using MongoHUB for it. I can login, add/remove collections on any database, but I can't create user for databases. I get this error:
not authorized on admin to execute command
I've read this on the manual:
"root does not include the ability to insert data directly into the system.users and system.roles collections in the admin database."
So what is the correct role for me?
Thanks for the help.
I have a fresh MongoDB 2.4.7 installation. I run commands below in first run:
db.getSiblingDB('admin').addUser({
user: 'root',
pwd: 'root',
roles:['userAdminAnyDatabase', 'dbAdminAnyDatabase']
});
After restarting mongod using --auth, running db.auth('root', 'root') on any dbs fails including admin db.
How can i fix it to have a super user (root access) and add other users for dbs?
You need to authenticate against the admin database and the MongoDB documentation recommend to use this user only to create new users and give appropriated permissions. But if you want to have a super user, also add the role readWriteAnyDatabase.