Question

I upgraded from 2.4 to 2.6 and authentication broke. This tutorial seems pretty straightforward but I keep getting locked out of my own database. My situation is pretty simple, I have a single Mongo server and need one user/pwd combination to connect.

First I connect via the localhost exception as mentioned. Then I create the admin user as suggested:

use admin
db.createUser(
  {
    user: "myadmin",
    pwd: "mysecret",
    roles:
    [
      {
        role: "userAdminAnyDatabase",
        db: "admin"
      }
    ]
  }
)

Now it's time to add new users, so to sanity check myself, I log out of the shell. Now when I type "mongo" it fails. That used to work but OK, it's not seeing a username/password and I guess the localhost exception isn't there anymore, so I follow the instructions outlined here:

mongo --port 27017 -u myadmin -p mysecret --authenticationDatabase admin

And I get:

MongoDB shell version: 2.6.0
connecting to: 127.0.0.1:27017/test
Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }
>

Any idea on how to:

  1. Set up Mongo 2.6 so I can easily go in and out of the shell managing the databases (I would think this is the "system user administrator")

  2. Enable a user from a remote client to connect? (Just the mongo side, no help needed with iptables ...)

Thanks!

Solution

Apparently the "system user administrator" isn't enough. Create a root user:

> db.createUser({user:"someadmin",pwd:"secret", roles:[{role:"root",db:"admin"}]})

Then add your database user:

> use some_db
> db.createUser(
    {
      user: "mongouser",
      pwd: "someothersecret",
      roles: ["readWrite"]
    }
)

More details on this gist. Comments on the gist and better answers on SO are welcome - I'm not a sysadmin.

OTHER TIPS

1) The role that you assign the admin user, userAdminAnyDatabase, doesn't have unlimited privileges. It's just a role that is allowed to create and manage users on any database. Apparently, by default it is restricted from executing certain commands that are not directly related to managing database users (such as fetching the startup warnings from the log, querying the server status, etc.).

You can use the 'root' role instead as Tony suggests. If you are going to use the root account to do setup and management and then just have a few basic read/write privileged accounts talking to the database, this probably makes the most sense.

2) In general, connecting on the client side just requires calling the db.authenticate() function after connecting from your client code. There are different ways to do this depending on the driver/language that you are using for a client. The node.js driver code is pretty typical: http://mongodb.github.io/node-mongodb-native/api-generated/db.html#authenticate
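
The role split discussed in tip 1, as an added example that is not part of the original answers: rather than one root account, the administrator gets userAdminAnyDatabase plus the read-only clusterMonitor role (which includes the getLog and serverStatus actions), and the application account keeps readWrite on a single database. The clusterMonitor choice, the function names and the guard against broad roles are assumptions of this example; the account names are taken from the posts above.

```javascript
// Added example, not code from the answers above.
// Loads in the mongo shell via load(), where conn is the shell's `db`.

// Roles with server-wide reach; this example allows them only on admin-db accounts.
var BROAD_ROLES = ["root", "userAdminAnyDatabase", "readWriteAnyDatabase",
                   "dbAdminAnyDatabase", "clusterAdmin"];

// Build one createUser document per account instead of a single root user.
function buildPlan(appDb, adminPwd, appPwd) {
  return [
    { db: "admin", user: {
        user: "myadmin", pwd: adminPwd,
        roles: [
          { role: "userAdminAnyDatabase", db: "admin" }, // manage users on any db
          { role: "clusterMonitor", db: "admin" }        // read-only: getLog, serverStatus
        ] } },
    { db: appDb, user: {
        user: "mongouser", pwd: appPwd,
        roles: [ { role: "readWrite", db: appDb } ]      // data access on one db only
      } }
  ];
}

// Return "user@db: role" for every broad role held by a non-admin-db account.
function findOverPrivileged(plan) {
  var findings = [];
  plan.forEach(function (entry) {
    entry.user.roles.forEach(function (r) {
      var name = typeof r === "string" ? r : r.role;
      if (entry.db !== "admin" && BROAD_ROLES.indexOf(name) !== -1) {
        findings.push(entry.user.user + "@" + entry.db + ": " + name);
      }
    });
  });
  return findings;
}

// Create the accounts; refuses the whole plan if the guard above finds anything.
function applyPlan(conn, plan) {
  var bad = findOverPrivileged(plan);
  if (bad.length > 0) { throw new Error("refusing broad roles: " + bad.join(", ")); }
  plan.forEach(function (entry) {
    conn.getSiblingDB(entry.db).createUser(entry.user);
  });
  return plan.length;
}
```

Treat myadmin as a highly privileged account even without root: a holder of userAdminAnyDatabase can grant roles to any user, itself included.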

Even after following @Tony's method I was getting a

`com.mongodb.CommandFailureException:`

Adding

compile 'org.mongodb:mongo-java-driver:2.13.1'

in the Dependency section of BuildConfig.groovy, however, fixed the issue.

Licensed under: CC-BY-SA with attribution