I'm tryin to login as user "overnet" on db "overnet" in mongodb;
I'm logged in the mongo shell as follow;
mongo -u root -p (password) --authenticationDatabase admin
and then typed:
use overnet
switched to db overnet
show users
{
"_id" : "overnet.overnet",
"user" : "overnet",
"db" : "overnet",
"roles" : [
{
"role" : "readWrite",
"db" : "overnet"
},
{
"role" : "dbOwner",
"db" : "overnet"
}
]
}
> db.auth(overnet, password)
2014-12-07T08:05:43.907+0100 ReferenceError: overnet is not defined
how can it say that "overnet" is not defined???
overnet not defined because not quoted. Try the following: db.auth("overnet", password)
Related
When you first install mongodb, there is no root user. You simply start mongo with (if on mac osx) "mongod --dbpath='/usr/local/var/mongodb'", and then run mongo in the shell and it will connect you without any authentication.
I create the admin user in the admin database:
> db
admin
> db.createUser({
"user" : "test1",
"pwd" : "test1",
"roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ]
})
> db.getUsers()
[
{
"_id" : "admin.test1",
"user" : "test1",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
]
Now I connect to mongo shell as admin user:
> db
admin
> db.runCommand({connectionStatus : 1})
{
"authInfo" : {
"authenticatedUsers" : [
{
"user" : "test1",
"db" : "admin"
}
],
"authenticatedUserRoles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
},
"ok" : 1
}
I start mongod with access control:
$ sudo mongod --auth --port 27017 --dbpath=.
Password:
2020-04-16T20:28:40.656-0400 I CONTROL [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
2020-04-16T20:28:40.672-0400 I CONTROL [initandlisten] MongoDB starting : pid=8441 port=27017 dbpath=. 64-bit
I even turned on security:
$ cd /usr/local/etc/
$ vim mongod.conf
security:
authorization: "enabled"
Yet I can simply login with just "mongo":
$ mongo admin
MongoDB shell version v4.0.4
connecting to: mongodb://127.0.0.1:27017/admin
Implicit session: session { "id" : UUID("95879725-00ed-4cee-bd43-8ba093df1e19") }
MongoDB server version: 4.0.4
> db.runCommand({connectionStatus : 1})
{
"authInfo" : {
"authenticatedUsers" : [ ],
"authenticatedUserRoles" : [ ]
},
"ok" : 1
}
This is wild. What else must I do? Unless there is some type of automatic login when logged into the ip the server is running on?
Some commands do not require authentication. Try reading or writing to a collection.
Authentication itself is performed via a sequence of commands (you can read about those here) therefore some of the commands must by necessity not require authentication.
Some commands return different responses based on whether a connection is authenticated. For example, try {ismaster:1} with and without authentication.
I added an 'admin' user in the admin db, with roles on admin db and another db :
[admin] user: yves>db.auth("isabelle", "abc123")
1
[admin] user: isabelle>db.getUser("isabelle")
{
"_id" : "admin.isabelle",
"user" : "isabelle",
"db" : "admin",
"roles" : [
{
"role" : "userAdmin",
"db" : "admin"
},
{
"role" : "dbOwner",
"db" : "cockpit"
}
]
}
I am testing that this user cannot admin the 'test' database ( updating a tester user email )
[admin] user: isabelle>use test
switched to db test
[test] user: isabelle>db.updateUser(
... "myTester",
... {
... customData: {email: "mytester#example.com"}
... }
... )
As 'isabelle' has no roles on 'test' db , she should not be allowed to update any user on this db ... (?)
but it is ...
[test] user: isabelle>db.getUser("myTester")
{
"_id" : "test.myTester",
"user" : "myTester",
"db" : "test",
"roles" : [
{
"role" : "readWrite",
"db" : "test"
},
{
"role" : "read",
"db" : "reporting"
}
],
"customData" : {
"email" : "mytester#example.com"
}
}
what am I missing ?
do the isabelle' role 'userAdmin' on 'admin' db allow it ?
I tried to remove it, but it deosn(t change anything ...
I also tried to move isabelle in the cockpit database, with dbOwner role, it doesn't change anything... isabelle is still able to update myTester user in the test database...
how can I restrict isabelle to admin only the 'cockpit' db ( managing users and roles for this db ..?
thanks for enlightment ...
Add to your mongod.conf
security:
authorization: enabled
Also check this mongodb link.
I am logged in with the following:
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
The following happens:
> use mydb
switched to db mydb
> db.dropUser("mydbReadWrite")
false
I suspect I do not have the roles, I am root?
It was correct, the user was somehow dropped before without notifying me(hmm...). So it returned false as the user did not exist.
may be you need switch to the db that you create the uesr "mydbReadWrite"
> use mydb
switched to db mydb
> show users
{
"_id" : "mydb.mydbReadWrite",
"user" : "mydbReadWrite",
"db" : "mydb",
"roles" : [
{
"role" : "readWrite",
"db" : "mydb"
}
]
}
> db.dropUser(mydbReadWrite)
2015-03-29T03:55:52.276+0200 E QUERY ReferenceError: mydbReadWrite is not defined
at (shell):1:13
I don't understand? I am logged in with a root user.
db.dropUser(mydbReadWrite)
instead use:
db.dropUser("mydbReadWrite")
In my mongodb I have this db Roles assigned to the user "master" in the "admin" db:
{
"_id" : "admin.master",
"user" : "master",
"db" : "admin",
"roles" : [
{
"role" : "dbOwner",
"db" : "admin"
},
{
"role" : "dbOwner",
"db" : "cars"
}
]
}
Now if I try to access to mongo from the command line to the "cars" db with:
mongo 127.0.0.1/cars -u "master" -p
after entering the password I get this error:
connecting to: 127.0.0.1/cars 2014-11-22T12:23:27.377+0000 Error: 18 {
ok: 0.0, errmsg: "auth failed", code: 18 } at
src/mongo/shell/db.js:1210 exception: login failed
If instead I try to access mongo with:
mongo 127.0.0.1/admin -u "master" -p
As a result I can login.
Why I can not connect directly to the db "cars"?
Thanks
Try using the --authenticationDatabase option:
mongo localhost/cars --authenticationDatabase admin -u master -p