I am running mongd with Auth enabled
mongod --auth
I have a read write user on a DB.
db.system.users.find()
Logs -
{ "_id" : "products_development.user_rw", "user" : "user_rw", "db" : "products_development", "credentials" : { "MONGODB-CR" : "0e857eaebba13dca9b53eb4440ab1657" }, "roles" : [ { "role" : "readWrite", "db" : "products_development" } ] }
I am able to login with the above user credentials using mongo client - Authentication works fine
mongo -uuser_rw -p123456 --authenticationDatabase products_development
Reading the tables inside the collection works as well
use products_development
db.table1.find()
So the user is getting Authorised.
But when i try to Read from Reactivemongo i am getting the below error.
assertion 13 not authorized for query on products_development.table1 ns:products_development.table1 query:{ _id: ObjectId('5564ba210b00009900150c72') }
Authentication is working fine connection is getting setup.
I am using 0.10.5.0.akka23 version, mongodb 2.6.8.
Related
I installed Locally on mac. Created user superuser with root privledges as per MongoDB Docs:https://docs.mongodb.com/guides/server/auth/#procedure
> db.createUser({user:"superuser",pwd:"strongPassword",roles:["root"]})
Successfully added user: { "user" : "superuser", "roles" : [ "root" ] }
> show users
{
"_id" : "admin.superuser",
"userId" : UUID("f873bafd-8d9b-4d2d-95a2-95d9e05db25d"),
"user" : "superuser",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
launch it with
resulting in running mongodb instance:
"ctx":"listener","msg":"Waiting for connections","attr":{"port":27017,"ssl":"off"}}
then I mongo --port 27017
use admin
response: switched to db admin
here's the kicker:
I input
db.auth("superuser","strongPassword")
and then
0```
This is the output in the running mongod client:
```{"t":{"$date":"2021-03-15T14:41:11.167-05:00"},"s":"I", "c":"ACCESS", "id":20251, "ctx":"conn1","msg":"Supported SASL mechanisms requested for unknown user","attr":{"user":"superuser#admin"}}
{"t":{"$date":"2021-03-15T14:41:11.168-05:00"},"s":"I", "c":"ACCESS", "id":20249, "ctx":"conn1","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-1","principalName":"superuser","authenticationDatabase":"admin","client":"127.0.0.1:51532","result":"UserNotFound: Could not find user \"superuser\" for db \"admin\""}}
Please help me? Seems pretty straightforward what my problem is here. Followed the mongoDb docs exactly, and then just totally failing to see my user. What's the trick here?
I have an application scenario where 3 meteor applications are using a mongo database replication set. A machine is allocated to run each meteor application. A single mongo database is running on each machine. Each application (the server) is supposed to access a collection in the local mongo database.
The server creates a connection to the local database collection as follows:
const url = "myUser:myPass#localhost:27017/local?authSource=admin"
const MyCollection = new Mongo.Collection('myCollection', { _driver: new MongoInternals.RemoteCollectionDriver(url) });
2 of the 3 meteor applications, i.e. the application connected to the primary database and secondary database are able to read/write from/to the collection.
However, the meteor application connected to the arbiter database runs into issues when it tries to execute the following code in the meteor startup function:
MyCollection.update({}, { $unset: { myData1: '', myData2: '' }}, { upsert: true });
It produces the following exception:
not authorized on local to execute command { find: "myCollection", filter: {}, limit: 1 }
I can use the URL declared in the url variable to connect to a mongo shell and perform reads and writes on the same collection in the local database.
When I checked the user permissions this is what I see in the mongo shell:
{
"_id" : "admin.myUser",
"user" : "myUser",
"db" : "admin",
"roles" : [
{
"role" : "readWrite",
"db" : "meteorDB"
},
{
"role" : "readWrite",
"db" : "local"
},
{
"role" : "read",
"db" : "admin"
},
{
"role" : "clusterAdmin",
"db" : "admin"
}
]
}
Therefore, it appears as if the user has the correct permissions.
Also, if I disable mongo DB security then the meteor application does not throw any exceptions.
I was wondering if someone could point out if I’m doing something wrong. Any help is much appreciated.
I'm using MongoDB 3.0.7. I have a database called bravegoat and a read-only user called bravegoat-r.
I connect via shell:
mongo localhost:27017/bravegoat -u bravegoat-r -p mypassword
I switch to my database:
use bravegoat;
And I run:
db.runCommand({connectionStatus : 1})
Which outputs:
{
"authInfo" : {
"authenticatedUsers" : [
{
"user" : "bravegoat-r",
"db" : "bravegoat"
}
],
"authenticatedUserRoles" : [
{
"role" : "read",
"db" : "bravegoat"
}
]
},
"ok" : 1
}
Only read role, so it looks fine, but when I invoke .save(), my user can insert data. I've read few pages about creating read-only users and I'm not able to see my problem. I'm starting to think it might be a bug in my version.
You have to enable client access control by doing the following:
Edit the /etc/mongod.conf file
Add the following lines
security:
authorization: enabled
Restart MongoDB:
sudo service mongodb restart
Currently I've got a siteUserAdmin authenticated on the admin database:
{
"_id" : "admin.siteUserAdmin",
"user" : "siteUserAdmin",
"db" : "admin",
"credentials" : {
"MONGODB-CR" : "...."
},
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
When I run:
use admin;
db.auth('siteUserAdmin', 'supersecret');
Everything authenticates just fine.
However when I then do:
use myotherdb
db.addUser({ user: 'chris', pwd: 'anothersecretpassword', roles: ['dbOwner']});
It doesn't add the user, I get the following:
couldn't add user: not authorized for insert on admin.system.users at src/mongo/shell/db.js:128
What am I doing wrong? This all looks nuts.
FYIL I'm using MongoDB version 2.6.10.
Random side note: weirdly createUser isn't a function, even though according to the MongoDB docs it was added in 2.6.
I was seeing this exact error in Robomongo 0.8.5. I copy/pasted the command to the the Mongo cli client and it worked fine.
Authenticated as siteUserAdmin to admin db on both clients.
Hopefully this helps someone else.
I am the admin of a MongoDB 2.4 which is in production. When I am trying to activate profiling on some databases, it returns:
{ "ok" : 0, "errmsg" : "unauthorized" }
all the other profile-related commands return also a sort of unauthorized error messages.
my admin roles and rights are as follows:
{ "_id" : ObjectId("..."), "pwd" : "...", "roles" : [ "userAdminAnyDatabase", "readWriteAnyDatabase", "clusterAdmin" ], "user" : "admin" }
Do I need any other role to be able to profile, or there is another problem?
You need to add the dbAdminAnyDatabase role:
dbAdminAnyDatabase
dbAdminAnyDatabase provides users with the same access to database
administration operations as dbAdmin, except it applies to all logical
databases in the MongoDB environment.
http://docs.mongodb.org/v2.4/reference/user-privileges/