I'm trying to create a user in mongo who can do anything in any db.
According to the guide I created a new admin: http://docs.mongodb.org/manual/tutorial/add-user-administrator
This is the code:
use admin
db.addUser( { user: "try1",
pwd: "hello,
roles: [ "userAdminAnyDatabase" ] } )
Then I stopped mongo, enabled the auth and restarted mongo.
Then I tried to create a database with his user.
According with this guide: http://www.mkyong.com/mongodb/how-to-create-database-or-collection-in-mongodb/
use fragola
db.users.save( {username:"fragolino"} )
And I get this: "not authorized for insert on fragola.users"
Anyone can help me?
from docs.mongodb.org-superuser-roles
Lets write answer that looks simple & also simple to implement
Steps :
1 : sudo apt-get install mongodb-org - in new terminal
2 : sudo mongod --port 27017 --dbpath /var/lib/mongodb
3 : mongo --port 27017 - in new terminal
4 : use admin
5 : As #drmirror said a user should have all 4 roles to be superuser
For Mongo Version 2.
db.createUser(
{
user: "tom",
pwd: "jerry",
roles: [
{ role: "userAdminAnyDatabase", db: "admin" },
{ role: "readWriteAnyDatabase", db: "admin" },
{ role: "dbAdminAnyDatabase", db: "admin" },
{ role: "clusterAdmin", db: "admin" }
]
})
For Mongo Version 3.
db.createUser(
{
user: "tom",
pwd: "jerry",
roles:["root"]
})
6 : sudo /etc/init.d/mongod stop OR sudo service mongod stop - in new terminal
7 : sudo /etc/init.d/mongod start OR sudo service mongod start
8 : restart your pc
9 : sudo mongod --auth --port 27017 --dbpath /var/lib/mongodb - in new terminal
10: mongo --port 27017 -u "tom" -p "jerry" --authenticationDatabase "admin" - in new terminal
Note : step 10 is most important step .
it will give Output on terminal like
MongoDB shell version: 2.6.11
connecting to: 127.0.0.1:27017/test
>
The role userAdminAnyDatabase gives the user the ability to create users and assign arbitrary roles to them. Because of this, that user has the power to do anything on the database, because he can give anybody any permission (including himself).
However, the userAdminAnyDatabase role by itself doesn't allow the user to do anything else besides assigning arbitrary rights to arbitrary users. To actually do something on the database, that user needs to have the following additional roles:
readWriteAnyDatabase
dbAdminAnyDatabase
clusterAdmin
A user who has the above three rights and userAdminAnyDatabase is a true super-user and can do anything.
Related
I've created an user on mongo db this is the comnand and the output
db.createUser({user:"appuser",pwd:"12345",roles: [ { role: "readWrite", db: "mydb" }]})
Successfully added user: {
"user" : "appuser",
"roles" : [
{
"role" : "readWrite",
"db" : "mydb"
}
]
}
but when I try to enter with this command
mongo --port 27017 -u "appuser" --authenticationDatabase "mydb" -p
I get this error
MongoDB shell version v4.4.4
Enter password:
connecting to: mongodb://127.0.0.1:27017/?authSource=mydb&compressors=disabled&gssapiServiceName=mongodb
Error: Authentication failed. :
connect#src/mongo/shell/mongo.js:374:17
#(connect):2:6
exception: connect failed
exiting with code 1
I created a root user and setted this option in /etc/mongod.conf
security:
authorization: enabled
is something wrong?
From the official document of mongodb here
The database where you create the user (in this example, test) is that user's authentication database.
The database where we create the user will be used in the command to connect to MongoDB. We need to run use [nameofdatabase] to select the database before creating the user.
So, if you want to use mydb as the authentication database, you need to run these commands :
use mydb;
db.createUser({user:"appuser",pwd:"12345",roles: [ { role: "readWrite", db: "mydb" }]});
Then you can connect to your MongoDB with : mongo --port 27017 -u "appuser" --authenticationDatabase "mydb" -p
how would you script the Dockerfile to create admin user for mongoDB 4.2 ?
Is there a one line command to create admin users not using an interactive subshell ? (didn't see any in mongoDB documentation)
Thanks for your help.
Passing MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD does not work anymore (removed from Docker hub mongo image documentation).
The mongo Docker hub documentation only shows interactive shell admin user creation.
> mongo admin
executes mongo interactive shell but how do you write a shell script to enter commands in that subshell from the top level shell ?
FROM mongo
RUN mongo admin ???? db.createUser({ user: 'jsmith', pwd: 'some-initial-password', roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] });
The docker build process should display:
Successfully added user: {
"user" : "jsmith",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
OK, here's the way to add authetication via the Dockerfile.
create a init.js file:
db = new Mongo().getDB("admin");
// create admin user
db.createUser({
user: "admin",
pwd: "password",
roles: [
{
role: "clusterAdmin",
db: "admin"
}
]
});
// create non admin user
db.createUser({
user: "toto",
pwd: "123",
roles: [
{
role: "readWrite",
db: "tube"
}
]
});
create the Dockerfile:
FROM mongo
# init.js will be executed when the mongo instance runs
COPY ./init.js ./docker-entrypoint-initdb.d
build your docker image
docker build -t mongoAuth .
run the container (attached mode to see the logs)
docker run --name mongoContainer -p 27017:27017 mongoAuth
What I was missing was that I didn't set the database on which to create the users (admin database) by using:
db = new Mongo().getDB("admin");
I'm trying to create a CRUD database administrator.
From what I read from official documentation, there is a role readWrite, but I don't really got the process of creating an admin.
So I ran mongod without --auth and created a user with these parameters:
use myCustomDB
db.createUser({
user: "snoop",
pwd:"stickyickyicky",
roles:[{role:"readWrite", db:"myCustomDB"}]
});
The command line answered Successfully added new user blah blah..
but when I authenticate it returns 1, which, I suppose is true. But when I run command for example db.peops.find() it gives me this Error: error: { "$err" : "not authorized for query on myCustomDB.peops", "co de" : 13 }
It may be your find call. Try formatting like this:
db.getCollection('peops').find({})
If that's not it, it might be your auth schema. This may not be the best method, but I thought I would share the steps I take to setup a super admin and database specific admin, and a read only user. The all caps should be replaced with corresponding credential / db name:
1.Change Mongo Security Method
sudo service mongod start
mongo
use admin
db.system.version.remove({})
db.system.version.insert({ "_id" : "authSchema", "currentVersion" : 3 })
2.Create Super Admin User
use admin
db.createUser( { user: "SUPERADMINUSER", pwd: "SUPERADMINPASS", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } )
3.Create db Admin with read/write access
use DATABASE
db.createUser( { user: "DBADMIN", pwd: "DBPASSWORD", roles: [ { role: "userAdmin", db: "DATABASE" }, { role: "readWrite", db: "DATABASE" }] } )
db.createUser( { user: "DBREADONLYUSER", pwd: "DBREADONLYPASS", roles: [ { role: "read", db: "DATABASE" }] } )
4.Edit mongod.config in /etc folder
sudo service mongod stop
in mongod.config edit so that auth = true is not commented out.
5. Restart mongo, security in place
sudo service mongod start
***Troubleshooting: If you are running mongo 3.2 you can likely skip the db.system.version remove and insert commands, you may want/need to upgrade to SCRAM-SHA-1, if so run db.adminCommand({authSchemaUpgrade: 1}); set up users the same way as shown above, when editing your /etc/mongod.conf file instead of auth=true comment in security: and add authorization=true as follows:
security:
authorization: enabled
I created an admin user:
> db.createUser(
... {
... user: "administrator",
... pwd: "password",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... }
... )
Successfully added user: {
"user" : "administrator",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
and now i'm trying to use it for enter with:
ubuntu#***ip number***:/etc$ sudo mongo --port 27017 -u administrator -p password --authenticationDatabase admin
This is what returns:
MongoDB shell version: 3.0.7
connecting to: 127.0.0.1:27017/test
2015-10-27T15:33:25.670+0000 E QUERY Error: 18 Authentication failed.
at DB._authOrThrow (src/mongo/shell/db.js:1271:32)
at (auth):6:8
at (auth):7:2 at src/mongo/shell/db.js:1271
Mongo is installed into an Amazon EC2 machine with Ubuntu.
What is missing?
The userAdminAnyDatabase role allows the user to grant access (for itself, or any other users) to any other database, however, that does not automatically grant that admin user read/write permission on all those databases (though it can bestow them upon themselves). You can resolve your authentication issue by granting the user the additional role readAnyDatabase.
db.createUser(
{
user: "test1",
pwd: "password",
roles: [ { role: "userAdminAnyDatabase", db: "admin" }, {role:"readAnyDatabase",db:"admin"} ]
}
)
Link to MongoDB docs: Create a User Administrator
Change on mongod.conf ( stop first mongod service. Ex: sudo service mongod stop):
bindIp: 127.0.0.1
for:
bindIp: 0.0.0.0
Now you can restart (Ex:sudo service mongod start)
Now you can enter in the same machine normally typing mongo, but for example, if you try to do it with robomongo gui before makes the test success the ip but don't success the user login. The user and login was created before with a pwd and roles for userAdminAnyDatabase and readAnyDatabase.
Now just type in your machine:
mongo --host (ip number here) --port 27017 -u username -p password --authenticationDatabase admin
And connect to remote Database.
I'm trying to create a mongoDB user on a DigitalOcean droplet. I tried a lot of combinations, but basically, I can't make this work.
To start the service, I use mongod --noauth. Below is the command I used:
use admin
db.createUser( { user: "userhere", pwd: "passhere", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } )
I restarted the service and tried to connect using:
mongo admin --port 61370 --host <host> -u userhere -p
Enter password:
2015-01-21T13:30:17.279-0500 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1210
exception: login failed
It doesn't connect.
Does anyone know the step-by-step on how to create a user on MongoDB?
You must create the user with the appropriates privileges. So you should connect to your mongo instance with :
mongo -u siteUserAdmin -p password
See the documentation as well : http://docs.mongodb.org/manual/tutorial/add-user-to-database/
Try specifying -authenticationDatabase option
mongo -u mongoadmin -p password -authenticationDatabase admin