Mongo用户权限，可读写任何数据库

Question

Mongo newb here. I have a mongo installation with four databases and would like to create a user that can read and write to all the databases. I tried:

use admin;
db.addUser({user: "foo" , pwd: "bar", roles: [  "readWriteAnyDatabase" ]})

but when I try to do

mongo someotherdb -u foo -p

and authenticate with the correct password it gives me an authentication error.

I also tried manually adding the users to the other databases by doing this

use someotherdb
db.addUser({user: "foo", roles: ['readWrite'], userSource: "admin"});

and still no dice trying to log in via the mongo shell or using the auth command in the target db.

Am I doing something wrong? How do you go about making a user who can globally read and write to any db? Do you have to add said user to each db's system.users collection or is that not necessary if they have the "readWriteAnyDatabase" role?

I'm using mongo 2.4 on ubuntu.

Answer 1

So, I've finally figured this out. Note, this fix only works for Mongo 2.4.

In 2.4 you can specify a database to authenticate yourself with in the connection string or on the command line

So to create the initial user

use admin
db.createUser({user: "foo" , pwd: "bar", roles: [  "userAdminAnyDatabase","readWriteAnyDatabase" ]})

and to authenticate use

mongo -u foo --authenticationDatabase admin -p

Now you should be able to do whatever you want to any DB