Why is db.auth() only working after selecting a particular database? - mongodb

Right after I launch mongo, running
db.auth("admin", "myGreatPassword")
returns 0. But doing this:
use admin
db.auth("admin", "myGreatPassword")
returns 1.
I find this strange because the admin user has root privileges and can access all databases and do anything.
What could be the reason for the above behavior? Why do I need to first select a particular database, in this case admin, to log in?

With mongodb you authenticate against a particular database: that database contains the collections that define the users and their roles. That user may then be authorised to do things on multiple databases, but the act of logging in happens against a specific database.
When using the command line tools this is the --authenticationDatabase option, in the mongo shell the authentication commands run against the current database.

Related

how to create a database other than admin in cosmos db?

I recently created an cosmosdb account which uses Mongo API. when I create new collections the only database it uses is "admin".
I tried attaching the db name like testdb to the url but that didn't work.
I tried mongo shell to create a db but it didn't work either.
Either create your database ahead of time (using either the portal or the Azure SDK), or create via MongoDB.
Not sure how you tried attaching to testdb but from the shell, you should be able to execute:
use testdb
Once you do this, you can execute something like
db.newcollection.save({foo:"bar"})
This will result in a new collection created, within testdb. You can see this via show dbs:
globaldb:PRIMARY> show dbs
admin 0.000GB
testdb 0.000GB
Note: When you create a collection implicitly this way (vs creating explicitly via either the portal or the Cosmos DB SDK), you will get a default RU setting for the collection (1000 RU currently), and would need to adjust accordingly via the portal afterward to suit your needs.

MongoDB - readWriteAnyDatabase role not working

I have a user with a readWriteAnyDatabase role but still it cannot list the collections in a db I have named ops.
I have another user with a root role and he succeed to list the collections.
What can be the cause?
The error I am getting: Not authorized to execute command: listCollections...
using mongodb: 3.4.7
I have 2 dbs:
admin
ops
I try to view the collections in ops
Can you login to the mongo shell as admin and run db.getUser("xxx") (where xxx is the username in question) and show the output.
Also, can you verify that you are in fact authenticating as this user in question. How are you testing this via the mongo shell?
Another test, login to the mongo shell as admin, then run db.auth("xxx", "passwordForXXX").

MongoDB 2.6.12 - no collections in DB

I have a some problem with MongoDB (2.6.12). I have one database with collections and a lot of data. Then I created user with readWrite role, enabled auth=true in mongod.conf, restarted 'mongod' service.
Looks like auth works fine, but I can't see any data/collections in DB. I can't use 'find' query, in mongo shell it just returns nothing (empty line). I also can connect to DB without credentials and I see the same result.
I've tried a different roles and different users, but I can't get access to my data. What can be a problem?
OK!
When you login, you need to use --authenticationDatabase -parameter, normal value for that is 'admin'.
mongo host:port -u user -p password --authenticationDatabase admin
If authentication database is not same database where your collection is (your collection is not at admin-database) give that database name as last parameter at 'mongo'-command, to select that DB.
mongo host:port -u user -p password --authenticationDatabase admin myOwnDB
OR
after successful login, use command: 'use your_db_name', to change that database.
use myOwnDB
IF you don't know your database name.
When you have login successful, give command 'show dbs' to list all databases.
show dbs
After that you can use command 'use db_name' to change database. Then you can use command 'show collections' to list all collections on that database.
use myOwnDB
show collections

Root user can't connect to any database with MongoDB

I'm using MongoDB with Docker and want to automate the database creation.
I found that when passing MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD environment variables to the docker run command I can create a new root user on the admin database.
My issue starts when I'm trying to create a new database and create collections in it.
I wrote a script that selects the admin database, authenticate into the mongo service and creates new db, but for some reasons I can not access the database with my credentials..
use admin;
db.auth('myuser', 'mypassword');
use newDatabase;
db.createCollection('newCol');
when trying to authenticate to newDatabase with the given credentials (myuser and mypassword) I found that I do not have the needed permissions to the db.
What did I do wrong? How can I do it automatically anyway?
I just understood that the root cannot access the other databases for some reasons, so I used db.createUser and created a new user just for the new database.

Do I have to be admin to create a new user in MongoDB?

I want to create a new user in MongoDB.
Do I do that by logging in as admin (use admin) and then using the command add user to create new user?
If no users created you can create new user without any authentification, but if you have created admin user for specific database you should authentifcate, and then perform any operation.
Documentation:
If no users are configured in
admin.system.users, one may access the
database from the localhost interface
without authenticating. Thus, from the
server running the database (and thus
on localhost), run the database shell
and configure an administrative user:
$ ./mongo
> use admin
> db.addUser("theadmin", "anadminpassword")
We now have a user created for
database admin. Note that if we have
not previously authenticated, we now
must if we wish to perform further
operations, as there is a user in
admin.system.users.
> db.auth("theadmin", "anadminpassword")
We can view existing users for the
database with the command:
> db.system.users.find()
Now, let's configure a "regular" user
for another database.
> use projectx
> db.addUser("joe", "passwordForJoe")