Menu
Now I have a mongoDB in my computer,locates at c:\mongodb\bin. At first, it is auth disable. so when I press:
C:\Windows\system32>mongo
There is some warnings:
2018-03-28T16:53:43.516+0800 I CONTROL [initandlisten] ** WARNING: Access contr ol is not enabled for the database. 2018-03-28T16:53:43.516+0800 I CONTROL [initandlisten] **
Read and wri te access to data and configuration is unrestricted.
So I tried to add access control to mongoDB. What I did are:
C:\mongodb\bin>use admin db.createUser( { user: "myUserAdmin", pwd: "abc123", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } )
But after I did above, still I can log in MongoDb without username and pwd. Even after I restart the mongoDB service, or restart the computer. eg:
C:\Windows\system32>mongo MongoDB shell version v3.4.9 connecting to: mongodb://127.0.0.1:27017 MongoDB server version: 3.4.9 Server has startup warnings: 2018-03-28T16:53:43.515+0800 I CONTROL [initandlisten] 2018-03-28T16:53:43.516+0800 I CONTROL [initandlisten] ** WARNING: Access contr ol is not enabled for the database. 2018-03-28T16:53:43.516+0800 I CONTROL [initandlisten] ** Read and wri te access to data and configuration is unrestricted. 2018-03-28T16:53:43.516+0800 I CONTROL [initandlisten] 2018-03-28T16:53:43.516+0800 I CONTROL [initandlisten] Hotfix KB2731284 or late r update is not installed, will zero-out data files. 2018-03-28T16:53:43.516+0800 I CONTROL [initandlisten] > show dbs admin 0.000GB local 0.000GB > use admin switched to db admin >
The only way that I can make the mongodb change to authentication is delete the mongodb service and install this service again by using follwoing script:
C:\mongodb\bin>sc delete MongoDB C:\mongodb\bin>mongod --dbpath C:\mongodb\data --logpath C:\mongodb\log\MongoDB.log --auth --install
But If I use this way to create the auth mongoDB, when I try to login without username and pwd, it will faied as below:
C:\Windows\system32>mongo MongoDB shell version v3.4.9 connecting to: mongodb://127.0.0.1:27017 MongoDB server version: 3.4.9 > show dns 2018-03-28T17:59:06.344+0800 E QUERY [thread1] Error: don't know how to show [dns] : shellHelper.show@src/mongo/shell/utils.js:906:11 shellHelper@src/mongo/shell/utils.js:659:15 @(shellhelp2):1:1 > show dbs 2018-03-28T17:59:10.073+0800 E QUERY [thread1] Error: listDatabases failed:{ "ok" : 0, "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }", "code" : 13, "codeName" : "Unauthorized" } : _getErrorWithCode@src/mongo/shell/utils.js:25:13 Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1 shellHelper.show@src/mongo/shell/utils.js:769:19 shellHelper@src/mongo/shell/utils.js:659:15 @(shellhelp2):1:1 >
So I can NOT create a user and pwd for this mongoDB. How could I login?
Anybody can tell me how to do the setting step by step to make my mongoDB to authentication? or delete a old mongoDB and create a new one with authutication and also with username and pwd?
I will get an exception below if I tried to set a without auth mongoDB and auth one.
C:\Windows\system32>mongod --auth --port 27017 --dbpath C:\mongodb\data 2018-03-28T16:49:43.874+0800 I CONTROL [initandlisten] MongoDB starting : pid=7 988 port=27017 dbpath=C:\mongodb\data 64-bit host=wolf-PC ..... 2018-03-28T16:49:43.877+0800 I STORAGE [initandlisten] exception in initAndList en: 98 Unable to create/open lock file: C:\mongodb\data\mongod.lock Another program is using this file.... Is a mongod instance already running?, terminating
I checked the questions: MongoDB: Server has startup warnings ''Access control is not enabled for the database''
which I failed to follow with step4 on above excpetion.
MongoDB: Server has startup warnings
I got the same exception.
So anyone can give me a detail soultion?
523
Authentication is the process of verifying the identity of a client. When access control (authorization) is enabled, MongoDB requires all clients to authenticate themselves in order to determine their access.
To authenticate as a user, you must provide a username, password, and the authentication database associated with that user. To authenticate using the mongo shell, either: Connect first to the MongoDB or mongos instance. Run the authenticate command or the db.
The reason why authentication is not working in your first example is because you have not yet enabled it. Auth is enabled by configuration only and not by the presence of db users. As you already demonstrated, the way to enable auth is to either start the db with the --auth flag or ensure that authorization is enabled within the security section of your mongod.conf file (like below).
security:
authorization: enabled
Once authorization is enabled, you must authenticate first before performing any operations by using the below options when you start the shell.
mongo <db> -u <username> -p <password>
For example, since you already created your myUserAdmin user on the admin database, then you can authenticate like this:
mongo admin -u myUserAdmin -p abc123
Or, if you have already started the shell with just mongo, then you can authenticate like this:
1) First switch to the admin db.
use admin
2) Then authenticate your user:
db.auth('myUserAdmin ', 'abc123')
Also, keep in mind that the userAdminAnyDatabase is a very powerful admin role, but it only allows read/write access to the admin database (not databases that you create to store data for your app). It also enables admin operations (e.g. createUser, createRole, etc) across ALL databases which could be dangerous if compromised.
So, if you are trying to create a user to read/write from a non-system database, then you should create a different, specific user for that. For Example...
1) authenticate your admin user (like what was shown above).
2) create a new user to read/write from your app database:
db.createUser(
{
user: <app db user>,
pwd: <password>,
roles: [ { role: "readWrite", db: <app db> } ]
}
);
Here is more detail about each of the mongodb roles and how they behave.
53
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
