当前位置:theitroad>mongodb 在 mongdb 集群上创建第一个管理员用户时出现错误“无法添加用户:管理员无权执行命令”

mongodb 在 mongdb 集群上创建第一个管理员用户时出现错误“无法添加用户:管理员无权执行命令”

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/41783700/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-08 20:53:29  来源:igfitidea点击:

When creating first admin user on mongdb cluster getting error "couldn't add user: not authorized on admin to execute command"

mongodb

提问by Prakash Kumar

I am using mongoDB Cluster with version 3.4 in google cloud compute engine, actually past week my database got attacked by hackers that's why i thought about using authorization so that i can avoid these types of attack. Now to add Authorizations i saw this article how-to-create-mongodb-replication-clusters, now i have added a keyfilewith chmod 0600on each of my cluster node, but now when i am trying to add my first admin useri am getting below error

我在谷歌云计算引擎中使用 3.4 版的 mongoDB 集群,实际上上周我的数据库遭到黑客攻击,这就是为什么我考虑使用授权来避免这些类型的攻击。现在要添加授权,我看到了这篇文章how-to-create-mongodb-replication-clusters,现在我在我的每个集群节点上添加了一个keyfilewith chmod 0600,但是现在当我尝试添加我的第一个admin user时,出现以下错误

use admin
switched to db admin
rs0:PRIMARY> db.createUser({user: "RootAdmin", pwd: "password123", roles: [ { role: "root", db: "admin" } ]});
2017-01-21T18:19:09.814+0000 E QUERY    [main] Error: couldn't add user: not authorized on admin to execute comm
and { createUser: "RootAdmin", pwd: "xxx", roles: [ { role: "root", db: "admin" } ], digestPassword: false, writ
eConcern: { w: "majority", wtimeout: 300000.0 } } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1290:15
@(shell):1:1

I have searched everywhere but haven't found anything on why i am getting this error.

我到处搜索,但没有找到任何关于为什么我收到此错误的信息。

Can anyone please help me how can i solve this error.

任何人都可以帮助我如何解决这个错误。

UPDATEMy config file is given below for each of the instances

更新我的配置文件在下面给出了每个实例

Secondary Server Config

辅助服务器配置

#!/bin/bash
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: false
   #engine:
  mmapv1:
    smallFiles: true
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
replication:
  replSetName: rs0
#processManagement:
security:
  authorization: disabled
  keyFile: /opt/mongodb/keyfile
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:

Arbiter Server Config

仲裁服务器配置

#!/bin/bash
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: /mnt/mongodb/db
  journal:
    enabled: true
   #engine:
  #mmapv1:
    #smallFiles: true
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /mnt/mongodb/log/mongodb.log
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
replication:
  replSetName: rs0
#processManagement:
security:
  authorization: disabled
  keyFile: /opt/mongodb/keyfile
#operationProfiling:

#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:

Primary Server Config

主服务器配置

#!/bin/bash
# mongod.conf
# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/
# Where and how to store data.
storage:
  dbPath: /mnt/mongodb/db
  journal:
    enabled: true
   #engine:
  #mmapv1:
    #smallFiles: true
#  wiredTiger:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /mnt/mongodb/log/mongodb.log
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
replication:
  replSetName: rs0
#processManagement:
security:
  authorization: disabled
  keyFile: /opt/mongodb/keyfile
#operationProfiling:

#replication:
#sharding:
## Enterprise-Only Options:
#auditLog:
#snmp:

回答by datdinhquoc

You have to change your mongod.conffile to disable authorization before creating such admin user

在创建此类管理员用户之前,您必须更改mongod.conf文件以禁用授权

security:
  authorization: disabled

After that, restart the mongod serviceand open mongodb shell to create the admin user

之后,重启mongod服务并打开mongodb shell创建admin用户

use admin
db.createUser({user:"RootAdmin",pwd:"blahblah",roles:["root"]})

Remember to enable authorization back on after creating user.

请记住在创建用户后重新启用授权。

回答by Darth Cookie

johnlowvale's answeris correct, but

johnlowvale回答是正确的,但是

keyFile implies security.authorization.

source: https://docs.mongodb.com/manual/reference/configuration-options/#security.keyFile

来源:https: //docs.mongodb.com/manual/reference/configuration-options/#security.keyFile

You have to disable authorization AND the keyFile.

您必须禁用授权和密钥文件。

security:
  authorization: disabled
# keyFile: /opt/mongodb/keyfile

(insufficient rep or I'd have just commented this on johnlowvale's answer)

(代表不足,否则我只是在 johnlowvale 的回答中对此发表了评论)

回答by Girish Kumar

edit vim /lib/systemd/system/mongod.service

编辑 vim /lib/systemd/system/mongod.service

remove --auth 
restart

#ExecStart=/usr/bin/mongod --quiet --auth   --config /etc/mongod.conf
ExecStart=/usr/bin/mongod --quiet  --config /etc/mongod.conf
use admin
db.createUser({user:"RootAdmin",pwd:"blahblah",roles:["root"]})

回答by Pritam Roy

To be able to create a new user, you need to first disable security in /etc/mongod.conf

为了能够创建新用户,您需要先在 /etc/mongod.conf 中禁用安全性

// security: // authorization: enabled Then restart Mongodb server sudo service mongo restart

// security: // authorization: enabled 然后重启mongodb服务器 sudo service mongo restart

After this you can add the user and role that you want from the shell.

在此之后,您可以从 shell 添加您想要的用户和角色。

db.createUser({ user: 'test_user', pwd: 'test', roles: [ { role: "userAdmin", db: "test" }, { role: "dbAdmin", db: "test" }, { role: "readWrite", db: "test" } ] })

db.createUser({ user: 'test_user', pwd: 'test', roles: [ { role: "userAdmin", db: "test" }, { role: "dbAdmin", db: "test" }, { role: "readWrite", db: "test" } ] })

To enable authenticated connection Uncomment the line again in /etc/mongod.conf

启用经过身份验证的连接 在 /etc/mongod.conf 中再次取消注释该行

security: authorization: enabled and restart the server again

security: authorization: enabled 并再次重新启动服务器

回答by Dinis Gomes

Once you are connected to this first node, you can initiate the replica set with rs.initiate(). Again, this command must be run from the same host as the mongod to use the localhost exception.

连接到第一个节点后,您可以使用 rs.initiate() 启动副本集。同样,此命令必须从与 mongod 相同的主机运行才能使用 localhost 异常。

We can create our admin user with the following commands:

我们可以使用以下命令创建我们的管理员用户:

rs.initiate()
use admin
db.createUser({
  user: "admin",
  pwd: "pass",
  roles: [
    {role: "root", db: "admin"}
  ]
})

回答by B Kane

When a new database is setup with authorisation/security enabled but no users set up, you can only connect to it from the localhost. In your config file you should have bind ip set to 127.0.0.1 I think in order to make sure you connect to it with the correct authorisation to create new users.

当设置了启用授权/安全性的新数据库但未设置用户时,您只能从本地主机连接到它。在您的配置文件中,您应该将绑定 ip 设置为 127.0.0.1 我认为是为了确保您使用正确的授权连接到它以创建新用户。

This is what it says in Mongo course M103

这就是 Mongo 课程 M103 中所说的

By default, a mongod that enforces authentication but has no configured users only allows connections through the localhost.

默认情况下,强制身份验证但没有配置用户的 mongod 只允许通过 localhost 进行连接。

相关推荐

wpf 设置 ComboBox 选中项高亮颜色

wpf 设置 ComboBox 选中项高亮颜色

MongoDB - 简单的子查询示例

MongoDB - 简单的子查询示例

wpf 如何仅使用 XAML 而没有代码隐藏对 ListBox 进行排序?

wpf 如何仅使用 XAML 而没有代码隐藏对 ListBox 进行排序?

使用 $and 和多个 $or 查询 MongoDB

使用 $and 和多个 $or 查询 MongoDB

相关推荐
最近更新
标签