MongoDB - What is the privilege needed to run setFeatureCompatibilityVersion? - mongodb

Using mongoDB 3.4.3 I'm facing the problem described in this issue (https://jira.mongodb.org/browse/SERVER-26556) when trying to create an index with collation.
Since I've upgraded from a previous version, it says what is needed is to explicitly allow the backwards-incompatible 3.4 features set, but with a user with role userAdminAnyDatabase I still have no permission:
> db.adminCommand({setFeatureCompatibilityVersion: "3.4"})
{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command {setFeatureCompatibilityVersion: \"3.4\" }",
"code" : 13,
"codeName" : "Unauthorized"
}
My question is, what role does the user needs to be able to do this?

Using a user with root privilege worked.
After authentication:
> use admin
> db.adminCommand({setFeatureCompatibilityVersion: "3.4"})
{ "ok" : 1 }

I was not able to run the command as I was getting the following error :
db.adminCommand( { setFeatureCompatibilityVersion: "3.4" } )
{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { setFeatureCompatibilityVersion: \"3.4\", $db: \"admin\" }",
"code" : 13,
"codeName" : "Unauthorized"
}
The following link gives details :
https://dba.stackexchange.com/questions/159390/mongodb-all-commands-spit-out-not-authorized-on-admin-to-execute-command
Steps I followed (I am using Mac) :
sudo nano /usr/local/etc/mongod.conf
Comment the security as shown below:
Restart MongoDB. sudo brew services restart mongodb
Connect using mongodb and run the following code
use admin
db.adminCommand( { setFeatureCompatibilityVersion: "3.4" } )
Uncomment the security in mongod.conf and restart the MongoDB server.

To be able to execute setFeatureCompatibilityVersion user must have "clusterManager" built-in role.
See documentation here: https://docs.mongodb.com/manual/reference/built-in-roles/#clusterManager

Related

shell commands in mongo inside Docker fails for Authentication

I am trying to run some shell commands in mongo which is inside docker container.
docker exec -it mongodb_mock bash
It opens the mongo shell. but when I run any command in this it gives authentication error:
> show dbs
2018-08-28T10:12:12.755+0000 E QUERY [thread1] Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode#src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs#src/mongo/shell/mongo.js:62:1
shellHelper.show#src/mongo/shell/utils.js:781:19
shellHelper#src/mongo/shell/utils.js:671:15
#(shellhelp2):1:1
Please help.
EDIT: This db is created through mongoose/express, from another container.
first you need to authorize db with user, below is example command
use admin;
db.auth('admin','password');
then your able to run all querys. or start mongod without --auth parameter so you no need user authentication.

Installing Mongodb in Kubernetes using Helm

I installed mongodb using Helm in my Kubernetes cluster.
https://github.com/kubernetes/charts/tree/master/stable/mongodb
It works fine and lets me connect to the db. But I cannot do any operation once I log into the mongo server. Here is the error I get when I try to see the collections.
> show collections;
2018-04-19T18:03:59.818+0000 E QUERY [js] Error: listCollections failed: {
"ok" : 0,
"errmsg" : "not authorized on test to execute command { listCollections: 1.0, filter: {}, $db: \"test\" }",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode#src/mongo/shell/utils.js:25:13
DB.prototype._getCollectionInfosCommand#src/mongo/shell/db.js:942:1
DB.prototype.getCollectionInfos#src/mongo/shell/db.js:954:19
DB.prototype.getCollectionNames#src/mongo/shell/db.js:965:16
shellHelper.show#src/mongo/shell/utils.js:836:9
shellHelper#src/mongo/shell/utils.js:733:15
#(shellhelp2):1:1
I am logging in as the root user using
mongo -p password
I don't know why even the root user has no authorization to do anything.
I found the issue. By default, MongoDB uses the admin DB to authenticate but in the helm chart, the authentication DB is the same as the DB that you create with it. So If I create a DB called test, the authentication DB will also be test

kaa monogodb in authentication mode

kaa-node throws following ERROR in the log file:
Command failed with error 13: 'not authorized on kaa
to execute command { createIndexes: "endpoint_registration",
user "mongokaa" creadted in db kaa, role = dbOwner
db.getUsers() [
{
"_id" : "kaa.mongokaa",
"user" : "mongokaa",
"db" : "kaa",
"roles" : [
{
"role" : "dbOwner",
"db" : "kaa"
}
]
}]
mongodb started with
mongod --quiet --config /etc/mongod.conf
athentication credentials are set on the Log appender configuration page
Why kaa-node kan't execute the command "createIndexes"?
The command can be executed over mongodb shell when I'm logged in with the user "mongokaa".
mongodb version: 3.2
ubuntu version: 16.0.4 LTS
kaa-node version: 0.10.0
Thank you for your help.
Currently, Kaa is not supported MongoDB version 3.2. See Kaa requirements and supported versions in our pre-release documentation. You can try MongoDB 2.6.9 version.

How to interact with MongoDB via shell in OpenShift Online 3 Dev Preview?

I've got multiple issues with an application which I suspect are related to permissions on the database.
Everything seems locked down however and I can't complete basic commands such as show dbs in order to troubleshoot the problems further and "see" what I'm working with. I've been stuck on this for two days now and it's really frustrating.
I've tried this both from the online console and on local terminal, both with and without user credentials supplied at login:
Online Console
Console > MongoDB Service > Deployment > Pod > mongodb-1-vs19d > Terminal:
sh-4.2$ mongo
MongoDB shell version: 2.6.9
connecting to: test
> show dbs
2016-07-13T04:33:10.809-0400 listDatabases failed:{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases:
1.0 }",
"code" : 13
} at src/mongo/shell/mongo.js:47
Local Terminal
me#my-computer:~$ oc rsh mongodb-1-vs19d
sh-4.2$ mongo
MongoDB shell version: 2.6.9
connecting to: test
> show dbs
2016-07-13T04:35:06.449-0400 listDatabases failed:{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
"code" : 13
} at src/mongo/shell/mongo.js:47
Local Terminal With User Credentials
me#my-computer:~$ oc rsh mongodb-1-vs19d
sh-4.2$ mongo -u $MONGODB_USER -p $MONGODB_PASSWORD $MONGODB_DATABASE
MongoDB shell version: 2.6.9
connecting to: users
> show dbs
2016-07-13T04:51:39.127-0400 listDatabases failed:{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
"code" : 13
} at src/mongo/shell/mongo.js:47
Troubleshooting envars are correct:
me#my-computer:~$ oc env pods mongodb-1-vs19d --list
# pods mongodb-1-vs19d, container mongodb
MONGODB_USER=admin
MONGODB_PASSWORD=secret
MONGODB_DATABASE=users
MONGODB_ADMIN_PASSWORD=very-secret
The database was created from local terminal with:
oc new-app mongodb-persistent -p MONGODB_USER=admin,MONGODB_PASSWORD=secret,MONGODB_ADMIN_PASSWORD=very-secret
As per official docs:
https://docs.openshift.com/online/getting_started/beyond_the_basics.html#btb-provisioning-a-database
https://docs.openshift.com/online/using_images/db_images/mongodb.html#running-mongodb-commands-in-containers
It looks like you're trying to show dbs as user who has not been granted the needed role. You can try authenticating yourself as admin as follows:
mongo -u admin -p $MONGODB_ADMIN_PASSWORD admin
Then you should be able to show dbs, show users, use other databases and show users there, etc...
It's a bit confusing that your $MONGODB_USER is named admin - this regular user will have access to the $MONGODB_DATABASE. Another admin has been created by the used image most likely as well.

MongoDB shell authentication error

I created a user and password for a database called student.:
db.createUser({user:'Catalin',pwd:'Catalin',roles:[{role:'userAdmin',db:'student'}]});
So I restarted MongoDB Server with this command:
mongod --auth --dbpath C:\data\db
in another terminal, I connected to the sever with:
mongo
then queried the server with :
> db.getUsers()
[
{
"_id" : "student.Catalin",
"user" : "Catalin",
"db" : "student",
"roles" : [
{
"role" : "userAdmin",
"db" : "student"
}
]
}
]
went to the student database:
> use student
switched to db student
Entered my username and password succesfully via this command:
> db.auth('Catalin','Catalin');
1
and when I want to view my collections I get an error, WHY?:
> show collections
2016-03-07T15:54:41.166+0300 E QUERY [thread1] Error: listCollections failed:
{
"ok" : 0,
**"errmsg" : "not authorized on student to execute command { listCollectio
ns: 1.0, filter: {} }",**
"code" : 13
} :
_getErrorWithCode#src/mongo/shell/utils.js:23:13
DB.prototype._getCollectionInfosCommand#src/mongo/shell/db.js:746:1
DB.prototype.getCollectionInfos#src/mongo/shell/db.js:758:15
DB.prototype.getCollectionNames#src/mongo/shell/db.js:769:12
shellHelper.show#src/mongo/shell/utils.js:695:9
shellHelper#src/mongo/shell/utils.js:594:15
#(shellhelp2):1:1
"errmsg" : "not authorized on student to execute command { listCollectio
ns: 1.0, filter: {} }",
P.S. : I'm using mongoDB 3.2
The userAdmin built-in role only provides the ability to create and modify roles and users on a database. If you need access to the database, you would need to either assign database roles, or other roles that has database access such as dbOwner.
Please see Built-in Roles for more detailed information.
You may also find these useful:
Manage users and roles.
Enable client access control.
If you are using version 5 or befor DataBase MongoDB, pay attention to this point. You should not write anything in the mongod.conf file in the /etc/mongod.conf path. Use the following two commands to update the dependencies.
install dependencies :
sudo apt install libgconf-2-4
sudo add-apt-repository universe