I upgraded from 2.4 to 2.6 and authentication broke. This tutorial seems pretty straightforward but I keep getting locked out of my own database. My situation is pretty simple: I have a single Mongo server and need one user/pwd combination to connect.
First I connect via the localhost exception as mentioned. Then I create the admin user as suggested:
use admin
db.createUser(
  {
    user: "myadmin",
    pwd: "mysecret",
    roles:
      [
        {
          role: "userAdminAnyDatabase",
          db: "admin"
        }
      ]
  }
)
Now it's time to add new users, so to sanity check myself, I log out of the shell. Now when I type "mongo" it fails. That used to work but OK, it's not seeing a username/password and I guess the localhost exception isn't there anymore, so I follow the instructions outlined here:
mongo --port 27017 -u myadmin -p mysecret --authenticationDatabase admin
And I get:
MongoDB shell version: 2.6.0
connecting to: 127.0.0.1:27017/test
Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }
>
Any idea on how to:
1) Set up Mongo 2.6 so I can easily go in and out of the shell managing the databases (I would think this is the "system user administrator")
2) Enable a user from a remote client to connect? (Just the mongo side, no help needed with iptables ...)
Thanks!
In MongoDB, the db.grantRolesToUser() method grants additional roles and their privileges to a user. It takes the name of the user to whom to grant roles, an array of additional roles to grant to the user, and the level of write concern for the modification.
In MongoDB, users are created using the createUser() method. This method creates a new user for the database; if the specified user is already present in the database, the method returns an error.
Apparently the "system user administrator" isn't enough. Create a root user:
> db.createUser({user:"someadmin",pwd:"secret", roles:[{role:"root",db:"admin"}]})
Then add your database user:
> use some_db
> db.createUser(
    {
      user: "mongouser",
      pwd: "someothersecret",
      roles: ["readWrite"]
    }
  )
More details on this gist. Comments on gist and better answers on SO welcome - I'm not a sys admin
1) The role that you assign the admin user - userAdminAnyDatabase - doesn't have unlimited privileges. It's just a role that is allowed to create and manage users on any database. Apparently, by default it is restricted from executing certain commands that are not directly related to managing database users (such as fetching the startup warnings from the log, querying the server status, etc.).
You can use the 'root' role instead as Tony suggests. If you are going to use the root account to do setup and management and then just have a few basic read/write privileged accounts talking to the database, this probably makes the most sense.
2) In general, connecting on the client side just requires calling the db.authenticate() function after connecting from your client code. There are different ways to do this depending on the driver/language that you are using for a client. The node.js driver code is pretty typical: http://mongodb.github.io/node-mongodb-native/api-generated/db.html#authenticate
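For the remote-client case discussed above, an added example (not part of the original posts, and not driver code): a helper that builds a connection URI with percent-encoded credentials and an explicit authSource, the URI counterpart of the shell's --authenticationDatabase, plus a redactor for logging. The helper names, host name and passwords are constructed for illustration; the user names and databases are the ones from the answers.

```javascript
// Build a MongoDB connection URI for an auth-enabled server.
// authSource must be the database where the user was created
// ("admin" for someadmin, "some_db" for mongouser in the answers above).
function buildMongoUri(opts) {
  if (!opts.user || !opts.password) {
    throw new Error("user and password are required when auth is enabled");
  }
  if (!opts.authSource) {
    // Refuse to rely on the default: without authSource the driver
    // authenticates against the database named in the URI path.
    throw new Error("authSource (database where the user was created) is required");
  }
  // Percent-encode credentials so ':', '/', '@' etc. cannot break the URI.
  var cred = encodeURIComponent(opts.user) + ":" + encodeURIComponent(opts.password);
  var host = opts.host + ":" + (opts.port || 27017);
  return "mongodb://" + cred + "@" + host + "/" + encodeURIComponent(opts.db || "") +
    "?authSource=" + encodeURIComponent(opts.authSource);
}

// Mask the password before a URI is written to logs or error messages.
function redactMongoUri(uri) {
  return uri.replace(/^(mongodb:\/\/[^:@\/]+:)[^@\/]*@/, "$1****@");
}

// Constructed sample values: host and passwords are placeholders.
var adminUri = buildMongoUri({
  user: "someadmin", password: "s3cr:et@1",
  host: "db.example.internal", db: "admin", authSource: "admin"
});
var appUri = buildMongoUri({
  user: "mongouser", password: "p@ss:w/rd",
  host: "db.example.internal", port: 27017, db: "some_db", authSource: "some_db"
});

console.log(redactMongoUri(adminUri));
console.log(redactMongoUri(appUri));
```

The resulting string can be passed to a driver's connect call; only the redacted form should appear in application logs.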