I'm using mongodb 2.6.1, Windows 7 64bit
I started mongod without --auth
and create a first user using
db.createUser({
user: "root",
pwd: "xxx",
roles:
[{
role: "userAdminAnyDatabase",
db: "admin"
}]
})
I restarted mongod again with this configuration
systemLog:
destination: "file"
path: "c:\\mongodb\\log\\mongo.log"
quiet: true
logAppend: true
storage:
dbPath: "c:\\mongodb\\data\\db"
directoryPerDB: true
smallFiles: true
journal:
enabled: true
net:
bindIp: 127.0.0.1
port: 27017
http:
enabled: true
JSONPEnabled: true
RESTInterfaceEnabled: true
security:
authorization: enabled
There was no errors, so the authentication has been enabled.
I started mongo using mongo -u root -p --authenticationDatabase admin
but I got error message shown below.
MongoDB shell version: 2.6.1
Enter password:
connecting to: test
Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }
I tried to use show collections
but I got error message shown below.
2014-05-20T00:36:07.801+0700 error: {
"$err" : "not authorized for query on admin.system.namespaces",
"code" : 13
} at src/mongo/shell/query.js:131
But when I tried db.system.users.find()
I can display the user in the collection without any error messages.
I also tried db.auth("root","xxx")
but I got the same result, I can display user but I cannot list available collections.
I have 2 more db which were imported from the older version, without --auth
these dbs work just fine, but starting mongod with authentication enabled, I cannot display anything inside those dbs.
Please help, solve the question.
In my case, the username: root was created with adminAnyDatabase
, which actually has no priviliges such as find action.
Therefore as I expected the root to be top level user, so the root should be granted as superuser using root role.
use admin
db.grantRolesToUser(
"root",
[
{ role: "root", db: "admin" }
]
)
Also the adminAnyDatabase
should be revoked
use admin
db.revokeRolesFromUser(
"root",
[
{ role: "adminAnyDatabase", db: "admin" }
]
)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.