My mongo shell is giving me this error when I am using show dbs command.
not authorized on admin to execute command
I have tried to create a user using
db.createUser(
{
user: "siteUserAdmin",
pwd: "password",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
as on https://docs.mongodb.com/v2.6/tutorial/add-user-administrator/
But it still gives me the same error:
Could not add user: not authorized on admin to execute command.
I am using Ubuntu 16.04 and mongoDB version is 3.4.9
I think you can use the role as root for Ubuntu. Try the below query.
use admin
db.createUser(
{
user: "admin",
pwd: "password",
roles: [ { role: "root", db: "admin" } ]
}
);
exit;
You can give read write permission to user as well
use admin
db.grantRolesToUser("admin",["readWrite"])
EDIT
Since the above didn't work try to start the instance with auth as below
Stop the mongod instance
Start the instance with $ mongod --auth
Now start mongo shell and create user
use admin
db.createUser(
{
user: "admin",
pwd: "password",
roles: [ { role: "root", db: "admin" } ]
}
);
exit;
Now give permission
db.auth("admin", "password")
db.grantRolesToUser("password", [ { role: "readWrite", db: "admin" } ])
Now check show users
Related
I have 22 databases on a single MongoDB instance. I came across root role of MongoDB authentication. I want to create a single user which can do anything to existing database as well as create new database and manage them fully. I ran the following command but it doesn't allow me to access any database except admin.
use admin
db.createUser(
{
user: "iamroot",
pwd: "<pa$$w0rd>",
roles: [ "root" ]
})
It only stores root role for admin database only. How can I apply root role to all existing database as well as on new database if added? Is there only one way to supply all the DB name in roles array like this to achieve what I want?
use admin
db.createUser(
{
user: "iamroot",
pwd: "<pa$$w0rd>",
roles: [
{ role: "root", db: "db_1" },
{ role: "root", db: "db_2" },
{ role: "root", db: "db_n" },
]
})
You would need to assign root for admin db explicitly I guess.
For me the following worked (am on version: 3.4.23):
use admin
db.createUser(
{
user: "iamroot",
pwd: "<pa$$w0rd>",
roles: [
{ role: "root", db: "admin" }
]
})
I can't believe that there is no simple example for this. I keep reading different versions everywhere.
mongo --port 27017 -u "admin" -p "mypass" --authenticationDatabase "mydb"
use mydb
db.createUser(
{
user: "normal",
pwd: "anotherpass",
roles: [ { role: "readWriteAnyDatabase", db: "mydb" } ]
}
)
I get:
Error: couldn't add user: No role named readWriteAnyDatabase
From the website:
Changed in version 3.4: Prior to 3.4, readWriteAnyDatabase includes
local and config databases. To provide readWrite privileges on the
local database, create a user in the admin database with readWrite
role in the local database.
If you want the desired output, I believe you just have to go to the admin database use admin and create an user with the following command:
db.createUser(
{
user: "normal",
pwd: "anotherpass",
roles: [ { role: "readWrite", db: "mydb" } ]
}
)
I'm using mongo 3.07 and have a working authentication system, but it seems like I must be doing things a roundabout hacky way. Is there a simpler way to do this, or perhaps better then the following:
I run mongod with my mongod.config default, auth is commented out: #auth=true
I run mongo, then I do the following, which I believe is necessary to set my authentication method so that log/pass will work:
db.system.version.remove({}) <== removing current version
db.system.version.insert({ "_id" : "authSchema", "currentVersion" : 3 })
In mongo console, I create my admin user:
db.createUser(
{
user: "siteUserAdmin",
pwd: "mysecretpassword",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
Then I switch databases to my actual db, lets call my db example:
db.createUser(
{
user: "exampleadmin",
pwd: "mysecretpassword",
roles: [ { role: "userAdmin", db: "example" }, { role: "readWrite", db: "example" }]
}
)
I update mongod.config so that auth = true is not commented out.
I relaunch mongod.
Again, this is working for me, and I may continue using it, but is this really a "reasonable" way to setup security in Mongo, or am I doing this in a backwards fasion?
I have create a user in Mongo 3.0.4 and enable authentication, I can login in Mac but not in Ubuntu 14.04
This is how I followed process to enable authentication
use admin
db.createUser(
{
user: "mongoUser",
pwd: "User123##!",
roles: [
{ role: "read", db: "trackuser" },
{ role: "readWrite", db: "trackuser" },
{ role: "dbAdmin", db: "trackuser" },
{ role: "dbOwner", db: "trackuser" }
]
}
)
auth=true in /etc/mongod.conf
$ mongo -u mongoUser -p User123##! --authenticationDatabase trackuser
MongoDB shell version: 3.0.4
connecting to: 127.0.0.1:27017/test
2015-07-16T14:44:54.741+0200 E QUERY Error: 18 Authentication failed.
at DB._authOrThrow (src/mongo/shell/db.js:1266:32)
at (auth):6:8
at (auth):7:2 at src/mongo/shell/db.js:1266
exception: login failed
What to do in this case?? Same version Working in Mac but not in Ubuntu??
You can try adding new parameter for DB name like this
-d trackuser
right now i guess you are using
--authenticationDatabase trackuser
First I tried db.eval() for my local mogodb server.It is working fine.I used this example
Then I tried the same thing with MongoLab.But I got this error message.
The error say not authorized to execute command.Can you explain why this error message.thanks
Eval is a powerfull, dangerous and deprecated action that mLab don't give.
In a local mongo db you should create a role:
use admin
db.createRole(
{
role: "dangerEval",
privileges : [
{ resource: {anyResource: true }, actions : ["anyAction"] },
// or this for grant anyAction only on a single db:
{ resource: {db: "myDb", collection: "" }, actions: [ "anyAction" ] }
],
roles: []
}
)
Then you can assign this role to a user:
db.createUser({
user: "temporaneyEvalUser",
pwd: "psw",
roles: [ { role: "dangerEval", db: "myDb" } ]
});
So you have to choose another way to archive your target or change mongo installation.