Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

When creating first admin user on mongdb cluster getting error "couldn't add user: not authorized on admin to execute command"

Tags:

mongodb

I am using mongoDB Cluster with version 3.4 in google cloud compute engine, actually past week my database got attacked by hackers that's why i thought about using authorization so that i can avoid these types of attack. Now to add Authorizations i saw this article how-to-create-mongodb-replication-clusters, now i have added a keyfile with chmod 0600 on each of my cluster node, but now when i am trying to add my first admin user i am getting below error

use admin
switched to db admin
rs0:PRIMARY> db.createUser({user: "RootAdmin", pwd: "password123", roles: [ { role: "root", db: "admin" } ]});
2017-01-21T18:19:09.814+0000 E QUERY    [main] Error: couldn't add user: not authorized on admin to execute comm
and { createUser: "RootAdmin", pwd: "xxx", roles: [ { role: "root", db: "admin" } ], digestPassword: false, writ
eConcern: { w: "majority", wtimeout: 300000.0 } } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1290:15
@(shell):1:1

I have searched everywhere but haven't found anything on why i am getting this error.

Can anyone please help me how can i solve this error.

UPDATE My config file is given below for each of the instances

Secondary Server Config

#!/bin/bash
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: false
   #engine:
  mmapv1:
    smallFiles: true
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
replication:
  replSetName: rs0
#processManagement:
security:
  authorization: disabled
  keyFile: /opt/mongodb/keyfile
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:

Arbiter Server Config

#!/bin/bash
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: /mnt/mongodb/db
  journal:
    enabled: true
   #engine:
  #mmapv1:
    #smallFiles: true
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /mnt/mongodb/log/mongodb.log
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
replication:
  replSetName: rs0
#processManagement:
security:
  authorization: disabled
  keyFile: /opt/mongodb/keyfile
#operationProfiling:

#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:

Primary Server Config

#!/bin/bash
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: /mnt/mongodb/db
  journal:
    enabled: true
   #engine:
  #mmapv1:
    #smallFiles: true
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /mnt/mongodb/log/mongodb.log
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
replication:
  replSetName: rs0
#processManagement:
security:
  authorization: disabled
  keyFile: /opt/mongodb/keyfile
#operationProfiling:

#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:
like image 743
Prakash Kumar Avatar asked Jan 21 '17 19:01

Prakash Kumar


1 Answers

You have to change your mongod.conf file to disable authorization before creating such admin user

security:
  authorization: disabled

After that, restart the mongod service and open mongodb shell to create the admin user

use admin
db.createUser({user:"RootAdmin",pwd:"blahblah",roles:["root"]})

Remember to enable authorization back on after creating user.

like image 150
Dee Avatar answered Oct 11 '22 17:10

Dee