I'm rather new with MongoDB and I'm trying to add a admin account into my MongoDB whithout any users at this point.
Using this command: mongo --port 27017 -u manager -p 123456 --authenticationDatabase admin
I receive this error:
Kind regards.
Let me explain the reason why its not working. mongo db refers to users collection to validate the login user.
By default mongodb doesnt provide any user login like manager, using which your were trying to login
Thus the below command is not working
mongo --port 27017 -u manager -p 123456 --authenticationDatabase admin
To make the below command to work. You need to add user "manager" to mongodb user collection.
To create user run the below command:
db.addUser( { user: "manager",
pwd: "123456",
roles: [ "userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase"
] } )
Once you have the user created, below command work.
mongo --port 27017 -u manager -p 123456 --authenticationDatabase admin
Related
I have successfully enabled authorization on MongoDB and I have created an account on the admin database and then I created an account for my database called test. The following connection string to connect to my test database works successfully: mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase test
Only problem I have now is, I cannot execute commands such as: show dbs. I get the following error when I try to do so:
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, lsid: { id: UUID(\"a1d5bc0d-bc58-485e-b232-270758a89455\") }, $db: \"admin\" }"
I have been on many online sources to help fix this issue but no luck, is there a way to resolve this issue? Seems like my user can't access the admin database, is there a way to grant this access to my user so I can run the necessary commands like show dbs?
Any help is much appreciated! :)
In order to run show dbs command and if the user has access to multiple databases, first the user should be created on the admin database (this is because listDatabases action is a cluster wide operation). Also the user should be given access to this operation. In order to do that, a new role should be created with the action. Below are the steps for the same:
//login as admin with --authenticationDatabase "admin" (assumption is that admin user is with root privileges) and then run the below:
use admin;
db.runCommand({ createRole: "listDatabases", privileges: [{ resource: { cluster : true }, actions: ["listDatabases"]} ], roles: [] });
db.createUser({user:"testUser", pwd:"passwd", roles:[{role:"read", db:"db1"},{role:"read", db:"db2"},{ role: "listDatabases", db: "admin" }]});
//exit as admin user and login as testUser: note the --authenticationDatabase "admin"
mongo -u "testUser" -p --authenticationDatabase "admin"
after logging in run the command below and it should list all the databases:
show dbs;
The below will work fine even though user is not given access to admin database:
use admin;
But then the below will give error:
show collections;
The problem is related the database you are using with the --authenticationDatabase parameter.
You are connecting to mongo with the user of your test database who has no privileges to execute listDatabase commands.
Let's do this using the admin db as auth db
mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase admin
and then run the command
show dbs
I know this is a basic security measure, but I can't make it works with my mongodb installation. Each time I run the command :
mongorestore dump_folder -u "username" -p "password"
It returns:
error reading database: not authorized on DATABASE_NAME to execute command { listCollections: 1, cursor: { batchSize: 0 } }
My question is : What is the permission that I need to enable and how ?
For the time being, I just turn off the Mongo's security in /etc/mongod.conf and start it back after I restore/dump my databases.
Additional Note:
This is how I prepared my databases and its user
I log in with my admin account, create a database, named DATABASE001
And create a user:
use DATABASE001
db.createUser({
user: "USER001",
pwd: "mypassword",
roles:[ { role: "readWrite", db: "DATABASE001" },"dbAdmin" ]
})
For roles, I add readWrite to DATABASE001 and also dbAdmin
I want this user (USER001) be able to backup or restore his database (DATABASE001).
I tested it by login with this command. It successfully logged in
mongo localhost -u USER001 -p mypassword --authenticationDatabase DATABASE001
I want to dump this database content with:
mongodump -u USER001 -p mypassword --authenticationDatabase DATABASE001
it throws me an error:
Failed: error getting database names: not authorized on admin to execute command { listDatabases: 1 }
What is this listDatabases ? how can I add it to my roles?
$ mongorestore --username adminUser --password pass123 --authenticationDatabase admin --db exampleDB dump/exampleDB
Ive downloaded a project using MongoDB and im having trouble getting set up. From the terminal where ive run mongod I see this error:
2017-05-26T14:51:22.908+0800 I ACCESS [conn21] SCRAM-SHA-1 authentication failed for user on wesbostest from client 127.0.0.1:51653 ; UserNotFound: Could not find user user#wesbostest
From my npm start terminal mongoose logs out this error: Authentication failed.
My environment file has this line:
DATABASE=mongodb://user:pass#localhost:27017/wesbostest
Ive got MongoDB Compass installed. It successfully connects with these settings:
Hostname: localhost
Port: 27017
Authentication: None
SSL: Off
SSH Tunnel: Off
So I think the user:pass part of the environment file is wrong? How can I see what local username and password are and/or set them if no authentication is set up?
I solved this by setting a username and password for MongoDB:
MongoDB what are the default user and password?
Procedure
Start MongoDB without access control.
mongod --port 27017 --dbpath /data/db1
Connect to the instance.
mongo --port 27017
Create the user administrator.
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
Re-start the MongoDB instance with access control.
mongod --auth --port 27017 --dbpath /data/db1
Authenticate as the user administrator.
mongo --port 27017 -u "myUserAdmin" -p "abc123" \
--authenticationDatabase "admin"
I did the following
-- `sudo apt-get install mongodb-org`
-- go to `etc/mongod.conf` change bindIp to: `0.0.0.0`
-- sudo mkdir /data/db
-- start without auth to create user
`sudo mongod --port 27017 --dbpath /data/db`
-- open shell with : mongo --port 27017
```
> use admin
> db.createUser( { user: "useradmin", pwd: "mypassword", roles: [ { role: "root", db: "admin" } ] } )
```
-- Restart with auth required(ctrl+c the above mongod process):
`sudo mongod --auth --port 27017 --dbpath /data/db'
-- To open shell(ctrl+c above mongo shell):
`mongo --port 27017 -u useradmin -p mypassword --authenticationDatabase admin`
my mongoengine_settings.py
```PYTHON
from mongoengine import connect
DATABASE = 'tracking'
USERNAME = 'useradmin'
PASSWORD = 'mypassword'
HOST = 'mongodb://localhost/tracking'
PORT = 27017
connect(DATABASE,
username=USERNAME,
password=PASSWORD,
host=HOST,
port=PORT
)
```
now when i try to bulk insert some data using mongoengine that works fine if i don't have --auth enabled, otherwise it throws the following error:
OperationFailure(u'command SON([(\'createIndexes\', u\'order\'), (\'indexes\', [{\'unique\': True, \'background\': False, \'sparse\': False, \'key\': SON([(\'order_id\', 1)]), \'name\': u\'order_id_1\'}])]) on namespace tracking.$cmd failed: not authorized on tracking to execute command { createIndexes: "order", indexes: [ { unique: true, background: false, sparse: false, key: { order_id: 1 }, name: "order_id_1" } ] }',)
what am i doing wrong?
MongoDB users are created in a specific database rather than at the instance level. Once created users can be granted different roles for different databases. The database a user is created in is called their authentication database
Because usernames are not unique (only the combination of username and authentication database is) you can create two users with the same name in different databases with different roles and passwords. This also means that when connecting you need to specify the authentication database as well as the username and password.
This is why after creating the useradmin user in the admin database you needed to run this command:
mongo --port 27017 -u useradmin -p mypassword --authenticationDatabase admin
to connect the MongoDB shell to the default database test.
If you don't specify the authentication database explicitly then MongoDB assumes the database you are connecting to is also the authentication database. So connecting to the admin database like this would have worked:
mongo --port 27017 -u useradmin -p mypassword admin
and these three commands are effectively the same and all will return an "Authentication failed" error :
mongo --port 27017 -u useradmin -p mypassword
mongo --port 27017 -u useradmin -p my password test
mongo --port 27017 -u useradmin -p my password test --authenticationDatabase test
To connect from Python, if you use MongoClient and pass it a complete MongoDB URI, the connection string can include optional parameters. One of the options is authSource (the the database name associated with the user’s credentials) which is obviously what you need: connection options.
Your URI will look something like this:
MdbURI = "mongodb://useradmin:mypassword#localhost:27017/tracking?authSource=admin"
client = MongoClient(MdbURI)
Here's a means of connecting and authenticating with pymongo:
from pymongo import MongoClient
# MongoDB connection info
hostname = '10.20.30.40'
port = 27017
username = 'adminUserName'
password = 'secret'
databaseName = 'someDB'
# connect with authentication
client = MongoClient(hostname, port)
db = client[databaseName]
db.authenticate(username, password)
I use the latest mongo, and try to set the SuperUserAdmin as described in the Mongo Doc.
1) Start ./mongod --dbpath ../data without auth
2) Run ./mongo
3) [mongo shell]: use admin
4) [mongo shell]: db.addUser( { user: "admin",
pwd: "abcde1234",
roles: [ "userAdminAnyDatabase" ] } )
5) [mongo shell]: db.shutdownServer()
then i restart mongod with auth:
6) ./mongod --auth --dbpath ../data
7) Run mongo (as localhost) again: ./mongo -u admin -p abcde1234
Then i get this error:
Javascript executiion failed: Error: 18 {code:18, ok:0.0, errmsg: 'auth fails'} at src/mongo/shell/db.js:L228
I tried different username &password, same thing..
what am i missing? I'm running on my Mac.
anyone has any idea?
Role userAdminAnyDatabase allows for users administration only. This is why if new account has only this role, it can be authenticated only to database "admin", i.e. mongo -u admin -p abcde1234 localhost/admin should work.
You probably want to add role dbAdminAnyDatabase as well.
try
mongo admin -u admin -p abcde1234
otherwise you will connect to test database and admin can't.