I have set up a docker with MongoDB Image. By default it has no password set up. I made a user and assigned it roles, which works perfectly well. But the issue is that the connection is still possible without authentication.
Connect with Authentication > Right Username, Right Password -> CONNECTED
Connect with Authentication > Right Username, Wrong Password -> CONNECTION FAILED
Connection without Authentication > CONNECTED
I want the 3rd point to stop working.
Steps:-
1) Run a docker instance without authentication
$ docker run --name container-name -d -p 27017:27017 -v ~/mongodb:/data/db mongo
2) Create a main administrator user with admin roles
$ mongo --port 27017
$ use admin;
$ db.createUser({user: "adminUserName",pwd: "adminPassword",roles: [{ role: "userAdminAnyDatabase", db: "admin" }})
This will create a user in the admin database with roles "userAdminAnyDatabase". This is like a superuser.
3) Create User for a particular database
$ use
$ db.createUser({user: "dev-read-username",pwd: "dev-read-password",roles:["read"]})
-- User with "read" role
$ db.createUser({user: "dev-write-username",pwd: "dev-write-password",roles:["readWrite"]})
-- User with "readWrite" role
For list of roles available or how to create custom roles, please check https://docs.mongodb.com/manual/reference/built-in-roles/
4) Remove the docker container
$ docker ps -a
$ docker stop container_id
$ docker rm container_id
5) Run the docker instance with authentication enabled
$ docker run --name container-name -d -p 27017:27017 -v ~/mongodb:/data/db mongo --auth
I assume you might not have started the docker container with --auth enabled. Once you start with --auth enabled, then you will not be able to connect without credentials.
Run with auth option to add authorizations docker run --name some-mongo -d mongo --auth
You should create an admin user. You can check if admin user exists using db.getSiblingDB('admin').system.users.find() or create one like : db.createUser({ user: 'jsmith', pwd: 'some-initial-password', roles: [{ role: "userAdminAnyDatabase", db: "admin" } ] });
Source : https://hub.docker.com/r/library/mongo/
Related
This is my situation. I have a mongodb docker container instance and i need to change the admin password. Now, I have the credentials to connect to the mongodb just fine, using the host and ip and the credentials. I have access to the server via ssh and I need to change the admin password. But if i do,
mongo manager --port 27017 -u "admin" -p "--------"
--authenticationDatabase "manager"
Gives me an authentication error. And i cannot run any administration commands such as: db.auth('admin', 'password')
My question is how can i stop mongo inside the container if i do?
docker exec -it mongodb bash
Any other workaround will work. The goal is the change the password or create a new admin user to control the users and roles.
Thank you so much for the help. Please let me know if more information is needed.
Are you sure your authenticationDatabase is "manager"?
In anyway, you don't need to stop mongo proces to interact with database but authenticate a user with necessary privileges using mongo shell.
Get access to running mongo container:
$ docker exec -it «container_name» bash
Authenticate using mongo shell:
$ mongo -u admin -p 123admin --authenticationDatabase admin
Once you authenticated, run shell script to switch to database that holds user's data.
$ use admin
Run changeUserPassword command to change password:
$ db.changeUserPassword("admin", "admin123")
Thats it.
From the documentation:
The localhost exception allows you to enable access control and then
create the first user in the system. With the localhost exception,
after you enable access control, connect to the localhost interface
and create the first user in the admin database. The first user must
have privileges to create other users, such as a user with the
userAdmin or userAdminAnyDatabase role.
So I run the latest mongo with enabled access control (--auth):
docker run -p 27017:27017 mongo --auth
connect with my shell and try to create the admin user:
mongo
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
> use admin
switched to db admin
> db.createUser(
... {
... user: "admin",
... pwd: "password",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
... }
... )
2018-10-03T15:29:30.234+0200 E QUERY [js] Error: couldn't add user: command createUser requires authentication :
_getErrorWithCode#src/mongo/shell/utils.js:25:13
DB.prototype.createUser#src/mongo/shell/db.js:1491:15
#(shell):1:1
What am I doing wrong?
You are not connecting to localhost but to the exported port.
For the exception to work you need to connect to localhost from within the container.
E.g.:
docker exec -it `docker ps --filter ancestor=mongo --format "{{.ID}}"` mongo
I'm rather new with MongoDB and I'm trying to add a admin account into my MongoDB whithout any users at this point.
Using this command: mongo --port 27017 -u manager -p 123456 --authenticationDatabase admin
I receive this error:
Kind regards.
Let me explain the reason why its not working. mongo db refers to users collection to validate the login user.
By default mongodb doesnt provide any user login like manager, using which your were trying to login
Thus the below command is not working
mongo --port 27017 -u manager -p 123456 --authenticationDatabase admin
To make the below command to work. You need to add user "manager" to mongodb user collection.
To create user run the below command:
db.addUser( { user: "manager",
pwd: "123456",
roles: [ "userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase"
] } )
Once you have the user created, below command work.
mongo --port 27017 -u manager -p 123456 --authenticationDatabase admin
I am struggling to find out the solution to authenticate my mongo db replica set through docker script.I am able to achieve the target on native mongo of server but in docker image I am not able to implement the authentication.(I am able to create the replicaset on docker image as well).
I was facing the same issue, i had to do the process in a different order.
Try setting up the authentication first and then create replications.
1.start docker mongo without replica or auth
docker run --rm -p 22222:27017 -v datadb1:/data/db --name mongonew mongo:2.6
2.connect with mongo and add users you want. And make sure you add a superuser, we will use this user to initiate replication later
db.createUser({ user: "superuser", pwd: "superuser", roles: [ "userAdminAnyDatabase","readWriteAnyDatabase","dbAdminAnyDatabase","clusterAdmin" ]})
3.stop docker mongo and restart with replica and auth
docker run --rm -p 22222:27017 -v datadb1:/data/db --name mongonew mongo:2.6 --replSet replocalnew --auth
4.connect with mongo now. authenticate with the superuser we created.
db.auth("superuser","superuser");
5.now initiate replication
rs.initiate();
I use the latest mongo, and try to set the SuperUserAdmin as described in the Mongo Doc.
1) Start ./mongod --dbpath ../data without auth
2) Run ./mongo
3) [mongo shell]: use admin
4) [mongo shell]: db.addUser( { user: "admin",
pwd: "abcde1234",
roles: [ "userAdminAnyDatabase" ] } )
5) [mongo shell]: db.shutdownServer()
then i restart mongod with auth:
6) ./mongod --auth --dbpath ../data
7) Run mongo (as localhost) again: ./mongo -u admin -p abcde1234
Then i get this error:
Javascript executiion failed: Error: 18 {code:18, ok:0.0, errmsg: 'auth fails'} at src/mongo/shell/db.js:L228
I tried different username &password, same thing..
what am i missing? I'm running on my Mac.
anyone has any idea?
Role userAdminAnyDatabase allows for users administration only. This is why if new account has only this role, it can be authenticated only to database "admin", i.e. mongo -u admin -p abcde1234 localhost/admin should work.
You probably want to add role dbAdminAnyDatabase as well.
try
mongo admin -u admin -p abcde1234
otherwise you will connect to test database and admin can't.