Mongo assigning user permsions issue on docker

dba.stackexchange https://dba.stackexchange.com/questions/266603

  •  01-03-2021
  •  | 
  •  

Question

I'm using docker image mongo and I extend it to create a user and assign permissions on image build with such a line COPY init.sh /docker-entrypoint-initdb.d/

Here is the init.sh:

#!/bin/bash
set -e;

mongo -u mongo -p asdfasdf --authenticationDatabase admin <<-EOJS
    use admin;
    db.createUser({
      user: "mongouser",
      pwd: "asdfasdf",
      roles: []
    });

    db.grantRolesToUser(
      "mongouser",
      [
        "root",
        {role: "readWrite", db: "translations"},
        {role: "readWrite", db: "notifications"}
      ]
    );

    exit;
    EOJS

all, looks good, when I check in the terminal I can see that user exists and has all permissions 

root@8f26d6da46a7:/# mongo -u mongo -p asdfasdf  --authenticationDatabase admin 
> use admin
switched to db admin
> db.system.users.find();
{ "_id" : "admin.mongo", "userId" : UUID("7197ece0-014c-44ea-a5d9-cbb6ef683582"), "user" : "mongo", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "hRtMnmboNWoZMK0uzbftpQ==", "storedKey" : "AoFg3PCSQpcT/mcl94w8Kb1C0kg=", "serverKey" : "V1gll09EhlqAnk3kVoWn3s+0X5c=" }, "SCRAM-SHA-256" : { "iterationCount" : 15000, "salt" : "phs+erLhT7CwBHqo9ruK5eN7JO2GVC9t8ovutQ==", "storedKey" : "Rv8CTc/b1hY6xFAdyXjC5nFdvwbvxFzeln065rEMjyI=", "serverKey" : "VkkZ1BNBf5gfduuHMXGQlGgrumMct1nvbC8AEfFJXvw=" } }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "admin.mongouser", "userId" : UUID("74ad059c-57de-4a75-93c4-3d3bb00d5a14"), "user" : "mongouser", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "hh2dgliZhjl/1Is97rwiCg==", "storedKey" : "nkD+K7dbnI1PMks/gae4EuADm+Q=", "serverKey" : "696PKwhA+8Aib6QEfWRxkH0HXgE=" }, "SCRAM-SHA-256" : { "iterationCount" : 15000, "salt" : "4SE8LG8dOP07QJME8dwhTyEicmQtcIlRZjPnsQ==", "storedKey" : "7LPWRkX1U0MVfKfvQ2Pf7fMz7T5MntMV6tS5JfgFTmU=", "serverKey" : "nTk38FwgZPPf9Tlv5/Ow5C+SFvS01ciTkjqwzRp5HWs=" } }, "roles" : [ { "role" : "readWrite", "db" : "notifications" }, { "role" : "root", "db" : "admin" }, { "role" : "readWrite", "db" : "translations" } ] }

but when web application trying to run some query it's throwing error Authentication failed. for both databases.

It worked before when I use only one database (translations), but after I add permissions for the notifications database it stops working for both databases.

What I'm doing wrong, it seems that permissions set correctly?

No correct solution

OTHER TIPS

okay, I make it work like this

#!/bin/bash
set -e;

mongo -u mongo -p asdfasdf --authenticationDatabase admin <<-EOJS
    use notifications;
    db.createUser({
      user: "mongouser",
      pwd: "asdfasdf",
      roles: [  {role: "readWrite", db: "notifications" }  ]
    });
    use translations;
    db.createUser({
      user: "mongouser",
      pwd: "asdfasdf",
      roles: [  {role: "readWrite", db: "translations" }  ]
    });

    exit;
    EOJS

but why I need to create separate users, why I can't assign the same usr to multiple databases?

Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange
scroll top