I created a default admin user with the following command in mongoshell:
use admin
db.createUser(
{
user: "root",
pwd: "root",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
Then I authenticated using the shell and my credentianls as following:
mongo --port 27017 -u "root" -p "root" --authenticationDatabase "admin"
In the shell I am able to see the users and version collections using:
> show dbs
admin 0.000GB
config 0.000GB
local 0.000GB
test 0.000GB
> use admin
switched to db admin
> show tables
system.users
system.version
>
Now when I try to access these tables from MongoDB Compass Community I first authenticate:
Now the admin database is showing up empty?
How can I access the users collection and the other collections from the graphic interface just as I did from the shell?
The reason why you cannot see the user collection and other collections is the userAdminAnyDatabase built-in role. By default It does not need the necessary rights to read those collections.
Try root or dbAdminAnyDatabase depends on your needs.
Cheers,
Resource:
https://docs.mongodb.com/manual/reference/built-in-roles/
In short : Use "root" in role instead of "userAdminAnyDatabase" and try again.
If use was set this config in "C:\Program Files\MongoDB\Server\4.4\bin\mongod.cfg"
security:
authorization: enabled
You need to comment these 2 line by insert # at start of lines.
Then restart service of "MongoDB Server (MongoDB)".
Open Cmd type these command line by line
mongo
use admin
db.grantRolesToUser('admin', [{ role: 'root', db: 'admin' }])
Then uncomment security and authorization in mongod.cfg and restart service "MongoDB Server (MongoDB)" again.
You can see how to create or update user role in this answer
Thanks Dan Dascalescu.
https://stackoverflow.com/a/29472184/4418749
Related
I have successfully enabled authorization on MongoDB and I have created an account on the admin database and then I created an account for my database called test. The following connection string to connect to my test database works successfully: mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase test
Only problem I have now is, I cannot execute commands such as: show dbs. I get the following error when I try to do so:
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, lsid: { id: UUID(\"a1d5bc0d-bc58-485e-b232-270758a89455\") }, $db: \"admin\" }"
I have been on many online sources to help fix this issue but no luck, is there a way to resolve this issue? Seems like my user can't access the admin database, is there a way to grant this access to my user so I can run the necessary commands like show dbs?
Any help is much appreciated! :)
In order to run show dbs command and if the user has access to multiple databases, first the user should be created on the admin database (this is because listDatabases action is a cluster wide operation). Also the user should be given access to this operation. In order to do that, a new role should be created with the action. Below are the steps for the same:
//login as admin with --authenticationDatabase "admin" (assumption is that admin user is with root privileges) and then run the below:
use admin;
db.runCommand({ createRole: "listDatabases", privileges: [{ resource: { cluster : true }, actions: ["listDatabases"]} ], roles: [] });
db.createUser({user:"testUser", pwd:"passwd", roles:[{role:"read", db:"db1"},{role:"read", db:"db2"},{ role: "listDatabases", db: "admin" }]});
//exit as admin user and login as testUser: note the --authenticationDatabase "admin"
mongo -u "testUser" -p --authenticationDatabase "admin"
after logging in run the command below and it should list all the databases:
show dbs;
The below will work fine even though user is not given access to admin database:
use admin;
But then the below will give error:
show collections;
The problem is related the database you are using with the --authenticationDatabase parameter.
You are connecting to mongo with the user of your test database who has no privileges to execute listDatabase commands.
Let's do this using the admin db as auth db
mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase admin
and then run the command
show dbs
I am having a bit trouble setting up mongo-express with my local mongodb install. Basically, I created an admin user like this:
db.createUser(
{
user: "admin",
pwd: "abc123",
roles:["root"]
})
And in mongo-express's config.js I specified this account for the authentication. Running mongo-express -u "admin" -p "abc123" -d "admin" works, and opening the webview shows the admin database.
But that is the only DB it shows there, but I have more DBs within mongodb:
> show dbs
admin 0.000GB
local 0.000GB
test 0.112GB
I want the test DB to show up there as well, but I do not understand whats preventing mongo-express from displaying it. I do understand that authentication happens at DB level, but since the admin was created with root as role, mongo-express should be able to display all DBs, right?
Ok I found the problem:
Apparently one has to run 'mongo-express' with the '-a' flag when admin credentials are stored in the config.js and one wishes to let mongo-express access mongodb as admin.
This helped me: how to make mongo-express show all db?
I firstly installed MongoDB 3.4.1 today. But when I start it and use MongoDB shell, it gave me these warnings below:
C:\Users\hs>"C:\Program Files\MongoDB\Server\3.4\bin\mongo.exe
MongoDB shell version v3.4.1
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.1
Server has startup warnings:
2017-01-12T21:19:46.941+0800 I CONTROL [initandlisten]
2017-01-12T21:19:46.942+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2017-01-12T21:19:46.942+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2017-01-12T21:19:46.942+0800 I CONTROL [initandlisten]
my computer is Microsoft Windows [version 10.0.14393].
Mongodb v3.4
You need to do the following to create a secure database:
Make sure the user starting the process has permissions and that the directories exist (/data/db in this case).
1) Start MongoDB without access control.
mongod --port 27017 --dbpath /data/db
2) Connect to the instance.
mongo --port 27017
3) Create the user administrator (in the admin authentication database).
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
4) Re-start the MongoDB instance with access control.
mongod --auth --port 27017 --dbpath /data/db
5) Connect and authenticate as the user administrator.
mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
6) Create additional users as needed for your deployment (e.g. in the test authentication database).
use test
db.createUser(
{
user: "myTester",
pwd: "xyz123",
roles: [ { role: "readWrite", db: "test" },
{ role: "read", db: "reporting" } ]
}
)
7) Connect and authenticate as myTester.
mongo --port 27017 -u "myTester" -p "xyz123" --authenticationDatabase "test"
I basically just explained the short version of the official docs here: https://docs.mongodb.com/master/tutorial/enable-authentication/
OMG, what a gas plant, that top answer!
All you need to do is to:
Edit your config, e.g. C:\Program Files\MongoDB\Server\4.4\bin\mongodb.cfg
Turn the security: authorization: to enabled, as illustrated; note that this sub-entry may be missing completely. Just add it then.
Restart your MongoDB Server service from the Windows Services control panel.
Obviously, if, following this, set up a read/readWrite role-based policy, that will make much more sense.
Ref: https://docs.mongodb.com/manual/tutorial/configure-scram-client-authentication/
I've just tested this using phpunit, works as expected.
you can create an admin user or another role.
run it on mongo shell.
db.createUser({user: "username", pwd: "password", roles: ["dbAdmin"]})
if you get SCRAM-SHA-256error you can set the SHA-1 mechanism.
db.createUser({user: "username", pwd: "password", roles: ["dbAdmin"], mechanisms: ["SCRAM-SHA-1"]})
You need to delete your old db folder and recreate new one. It will resolve your issue.
I have mongod server up and running as a service on ubuntu 14.04, i started mongo shell and created a user.
db.createUser( {
user: "testAdmin",
pwd: "12345678",
roles: [ { role: "userAdmin", db: "students" } ]
} )
after that I changed edit the mongod.conf and set auth=true and restarted the mongod server as a service.
After all this, when I want to start the mongo shell with user testAdmin .
mongo -u testAdmin -p 12345678 --authenticationDatabase students
But I am not able to login and it is giving me error.
MongoDB shell version: 3.2.10
connecting to: 127.0.0.1:25018/test
2016-10-13T05:56:27.500+0000 W NETWORK [thread1] Failed to connect to 127.0.0.1:25018, reason: errno:111 Connection refused
2016-10-13T05:56:27.500+0000 E QUERY [thread1] Error: couldn't connect to server 127.0.0.1:25018, connection attempt failed :
First when I am specifying database students why it is trying to connect to test? Second I know that userAdmin role in mongodb is not for read/write in database with userAdmin I can only manage user roles. But to manage other users i still need to login in mongo shell.
It is working when I turn off the auth in mongod.conf, so other things are fine, only authentication is not working.
First when I am specifying database students why it is trying to connect to test?
You are not specifying the database (students) you want to connect to here.
The --authenticationDatabase is used to specify the database where the user had been created and which is used for the authentication process.
You should also specify students as the db option you want to connect to. If you omit it, the shell automatically tries to connect to test database:
mongo students -u testAdmin -p 12345678 --authenticationDatabase students
Note the addition of students just after mongo.
This is assuming the user has been created in the students database (and not admin or other). Note that in that case the db declaration within role is redundant:
roles: [ { role: "userAdmin", db: "students" } ]
could have also been specified as:
roles: [ "userAdmin" ]
I am having an issue with mongo db 3.0.4 that randomly started happening today. The authentication stopped working randomly without any user action on our part. Our setup is easy. One application, one database. I take the application out of the equation and I still get the same result. Here are the steps I am taking. Reinstalled mongo and pointed the logpath and dbpath to a new folder to start from scratch.
Create the config file.
logpath=c:\data\logs\mongod.log
dbpath=c:\data\db
Log in to mongo shell and run this command.
db.createUser({user: "admin",pwd: "admin", roles: [ { role: "userAdminAnyDatabase", db: "admin" }]})
Add the auth=true in the config file.
auth=true
Restart the mongodb service.
Start up mongo shell with
mongo -u admin -p admin --authenticationDatabase admin
Then I get the Error 18 Authentication failed.
I am really lost for words. Any help would be greatly appreciated.
Thanks
i think user doesn't have efficient privileges. try with this role.
use admin
{user:"admin",pwd:"admin",roles:["root"]}
Before create the user, you need to change the db and create it in admin db.
Disable auth
Enter to mongo shell
Change db to admin ('use admin')
now create the user.
Enable the auth again (with auth or mongodb-keyfile)
Enter mongo shell with:
mongo -u admin -p admin --authenticationDatabase admin