Note: This article was written in 2013 for MongoDB 2.2. For newer MongoDB versions (4.x and later), see bottom of the article.
In the last days I've made my first steps with MongoDB, a NoSQL database application server. Having known relational databases like MySQL and PostgreSQL for quite some years now, the syntax change is huge. It's like you know how to ride a bike, but now you need to learn how to ride it backwards. Yep - it's not that easy but it's learnable.
Without going too much into detail, I had problems creating a full database admin user, like "root" in MySQL. In the official MongoDB documentation there is a section "Create a User Administrator" , but I kind of misinterpreted the chapter. I thought, that by following the steps on the documentation, I would now create a user with full administrator rights:
> use admin
switched to db admin
> db.addUser( { user: "theadmin", pwd: "mypassword", roles: [ "userAdminAnyDatabase" ] } )
{
"user" : "theadmin",
"pwd" : "02cdbcb825fda3c0824be229afa605e8",
"roles" : [
"userAdminAnyDatabase"
],
"_id" : ObjectId("51f02bbccff158b61e938109")
}
But when I added "auth = true", restarted MongoDB and tested the authentication, I couldn't even list the databases:
> use admin
switched to db admin
> db.auth("theadmin","mypassword")
1
> show dbs
Wed Jul 24 21:42:47.367 JavaScript execution failed: listDatabases failed:{ "ok" : 0, "errmsg" : "unauthorized" } at src/mongo/shell/mongo.js:L46
The reason is pretty simple if you re-read the chapter and understand the phrase differently. "User Administrator" actually means an administrator only for administrating the users, not the databases itself.
To create a "real" database administrator user (with all rights over all databases), there are four roles essential which need to be assigned:
> db.addUser( { user: "theadmin",
... pwd: "mypassword",
... roles: [ "userAdminAnyDatabase", "readWriteAnyDatabase", "dbAdminAnyDatabase", "clusterAdmin" ] } )
{
"user" : "theadmin",
"pwd" : "02cdbcb825fda3c0824be229afa605e8",
"roles" : [
"userAdminAnyDatabase",
"readWriteAnyDatabase",
"dbAdminAnyDatabase",
"clusterAdmin"
],
"_id" : ObjectId("51f02f623e8b142dc117aa76")
}
Important: The role "clusterAdmin" is also required in a single MongoDB server. So let's try it again with a new authentication:
> use admin
switched to db admin
> db.auth("theadmin","mypassword")
1
> show dbs
admin 0.203125GB
local 0.078125GB
test 0.203125GB
testdb 0.203125GB
That looks good!
I fell a couple of times off the bike already and I will continue to fall - but eventually I will learn how to master the bike. =)
Updated February 1st 2022
The above commands were written in 2013 for MongoDB 2.2. Meanwihle the syntax has changed. Since MongoDB 2.6, the function addUser() has been replaced by createUser(). The following command was successfully used in MongoDB 4.4:
> admin = db.getSiblingDB("admin")
admin
> admin.createUser( { user: "theadmin", pwd: "secret", roles: [ "userAdminAnyDatabase", "readWriteAnyDatabase", "dbAdminAnyDatabase", "clusterAdmin" ] } )
Successfully added user: {
"user" : "theadmin",
"roles" : [
"userAdminAnyDatabase",
"readWriteAnyDatabase",
"dbAdminAnyDatabase",
"clusterAdmin"
]
}
No comments yet.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb Icingaweb2 Influx Internet Java KVM Kibana Kodi Kubernetes LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder