In my mongodb I have this db Roles assigned to the user "master" in the "admin" db:
{
"_id" : "admin.master",
"user" : "master",
"db" : "admin",
"roles" : [
{
"role" : "dbOwner",
"db" : "admin"
},
{
"role" : "dbOwner",
"db" : "cars"
}
]
}
Now if I try to access to mongo from the command line to the "cars" db with:
mongo 127.0.0.1/cars -u "master" -p
after entering the password I get this error:
connecting to: 127.0.0.1/cars 2014-11-22T12:23:27.377+0000 Error: 18 {
ok: 0.0, errmsg: "auth failed", code: 18 } at
src/mongo/shell/db.js:1210 exception: login failed
If instead I try to access mongo with:
mongo 127.0.0.1/admin -u "master" -p
As a result I can login.
Why I can not connect directly to the db "cars"?
Thanks
Try using the --authenticationDatabase option:
mongo localhost/cars --authenticationDatabase admin -u master -p
Related
I do not use MongoDB before, after set everything up, my mongoDB has been hacked for 1 second, please help me answer my question: "how to secure my mongoDB?"
To Secure MongoDB you need to :
enable security (in mongod.conf file),
create database user for authentication ,
you can change port 27001 (default) to any port like 27000 (in mongod.conf file)
you can add specific ip address to allow to connect and access your database (in mongod.conf file).
you need to find out mongod.conf and open it . (google it out where is mongod.conf is stored in your pc windows/mac/ubuntu)
security:
authorization: enabled
Shutdown the MongoDB instance on port 27001
mongo admin --port 27001 --eval 'db.shutdownServer()'
Restart the MongoDB instance with the new configuration
mongod -f mongod.conf
Create the first user on the admin database with the following
mongo
>use admin
db.createUser({
user: "USER_NAME_HERE",
pwd: "PASSWORD_HERE",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
});
example :
db.createUser({
user: "AdminUser",
pwd: "57d49$4%0beqwe#adb4d",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
});
after that run following to check user is authenticated
Syntax : db.auth( "USER_NAME_HERE", "PASSWORD_HERE" )
db.auth( "AdminUser", "57d49$4%0beqwe#adb4d" )
To Check Users :
db.getUsers()
It will return :
[
{
"_id" : "admin.AdminUser",
"userId" : UUID("31ccb892-d3ef-46b6-8ac1-2e9b5be11892"),
"user" : "globalAdminUser",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
]
Now your database is secured and only authenticated user can access it .
you can connect mongo with folowing :
mongo admin --port 27001 --username 'AdminUser' --password '57d49$4%0beqwe#adb4d'
I installed Locally on mac. Created user superuser with root privledges as per MongoDB Docs:https://docs.mongodb.com/guides/server/auth/#procedure
> db.createUser({user:"superuser",pwd:"strongPassword",roles:["root"]})
Successfully added user: { "user" : "superuser", "roles" : [ "root" ] }
> show users
{
"_id" : "admin.superuser",
"userId" : UUID("f873bafd-8d9b-4d2d-95a2-95d9e05db25d"),
"user" : "superuser",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
launch it with
resulting in running mongodb instance:
"ctx":"listener","msg":"Waiting for connections","attr":{"port":27017,"ssl":"off"}}
then I mongo --port 27017
use admin
response: switched to db admin
here's the kicker:
I input
db.auth("superuser","strongPassword")
and then
0```
This is the output in the running mongod client:
```{"t":{"$date":"2021-03-15T14:41:11.167-05:00"},"s":"I", "c":"ACCESS", "id":20251, "ctx":"conn1","msg":"Supported SASL mechanisms requested for unknown user","attr":{"user":"superuser#admin"}}
{"t":{"$date":"2021-03-15T14:41:11.168-05:00"},"s":"I", "c":"ACCESS", "id":20249, "ctx":"conn1","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-1","principalName":"superuser","authenticationDatabase":"admin","client":"127.0.0.1:51532","result":"UserNotFound: Could not find user \"superuser\" for db \"admin\""}}
Please help me? Seems pretty straightforward what my problem is here. Followed the mongoDb docs exactly, and then just totally failing to see my user. What's the trick here?
Admin user permission:
db.getUsers()
[
{
"_id" : "admin.myself",
"user" : "myself",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "dbAdmin",
"db" : "reports"
},
{
"role" : "dbAdmin",
"db" : "places"
}
],
"customData" : {
}
}
]
I am able to authenticate into my remote mongo db like,
mongo --host <hostname> -u "myself" -p "myself" --authenticationDatabase "admin"
I am also able to do a dump remotely like
mongodump --host <hostname> --port 27017 --username "myslef" --password "myself" --out home/myself/mongodb-backup
But when I modify some collection on the db and try to restore it like the below code, it does not work and throws an auth error.
mongorestore --host <hostname> -u "myself" -p "myself" home/myself/mongodb-backup/
Error:
Failed: error getting auth version of server: not authorized on admin to execute command { getParameter: 1, authSchemaVersion: 1 }
You should add root role to your admin like this
db.grantRolesToUser( "myAdmin", [ "root" ])
And only after that you can restore from backup
Mongo backup docs recommend creating a specific user with the backup role and another with the restore role.
Presumably using a user with the restore role, or granting the restore role to the user you are using at the moment would solve your problem.
db.createUser({
user: "myself", pwd: "8eUEkdiKlP",
roles: [{role: "readWrite", db: "admin"}]
});
Although the first link does mention that some additional privileges are required if you are trying to restore the system.profile collection.
I would like to create a mongo user who can read local database. I try to use command on local database:
db.createUser(
{ user: "readonlyuser", pwd: "loh8Ephi",
roles: [ { role: "read", db: "local" } ]
})
But - it doesn't work. I receive:
connecting to: local
2015-12-21T14:08:07.904+0100 Error: couldn't add user: Cannot create users in the local database at src/mongo/shell/db.js:1054
I've tried to create that user against admin database:
> use admin
switched to db admin
> db.createUser(
... { user: "readonlyuser", pwd: "loh8Ephi", roles: [ { role: "read", db: "local" } ] })
Successfully added user: {
"user" : "readonlyuser",
"roles" : [
{
"role" : "read",
"db" : "local"
}
]
And now i try to connect:
undefine#machine:~$ mongo -u readonlyuser -p loh8Ephi local
MongoDB shell version: 2.6.11
connecting to: local
2015-12-21T15:35:19.190+0100 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1292
exception: login failed
How to create readonly user who have access only to local database?
According the documentation, you cannot create users on the local database. Instead you can run your createUser query against the admin database:
use admin
db.createUser(
{ user: "readonlyuser", pwd: "loh8Ephi",
roles: [ { role: "read", db: "local" } ]
})
Please note that you will have to authenticate against the admin database when connecting.
I would do it like below
use admin
db.getSiblingDB("local").runCommand( { "createUser" : "mongoread", "pwd": "read0nly", "customData" : { "description": "mongo readonly user" }, "roles" : [ {"role" : "read","db" : "local"}] },{ w: "majority" , wtimeout: 5000 } );
I'm tryin to login as user "overnet" on db "overnet" in mongodb;
I'm logged in the mongo shell as follow;
mongo -u root -p (password) --authenticationDatabase admin
and then typed:
use overnet
switched to db overnet
show users
{
"_id" : "overnet.overnet",
"user" : "overnet",
"db" : "overnet",
"roles" : [
{
"role" : "readWrite",
"db" : "overnet"
},
{
"role" : "dbOwner",
"db" : "overnet"
}
]
}
> db.auth(overnet, password)
2014-12-07T08:05:43.907+0100 ReferenceError: overnet is not defined
how can it say that "overnet" is not defined???
overnet not defined because not quoted. Try the following: db.auth("overnet", password)