MongoDB - 管理员用户未授权
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/23943651/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
MongoDB - admin user not authorized
提问by peter.petrov
I am trying to add authorization to my MongoDB.
I am doing all this on Linux with MongoDB 2.6.1.
My mongod.conf file is in the old compatibility format
(this is how it came with the installation).
我正在尝试向我的 MongoDB 添加授权。
我正在使用 MongoDB 2.6.1 在 Linux 上完成所有这些。
我的 mongod.conf 文件采用旧的兼容格式
(这是安装时的格式)。
1) I created admin user as described here in (3)
1) 我按照 (3) 中的描述创建了管理员用户
http://docs.mongodb.org/manual/tutorial/add-user-administrator/
http://docs.mongodb.org/manual/tutorial/add-user-administrator/
2) I then edited mongod.conf by uncommenting this line
2)然后我通过取消注释这一行来编辑 mongod.conf
auth = true
auth = true
3) Finally I rebooted the mongod service and I tried to login with:
3)最后,我重新启动了 mongod 服务,并尝试使用以下命令登录:
/usr/bin/mongo localhost:27017/admin -u sa -p pwd
/usr/bin/mongo localhost:27017/admin -u sa -p pwd
4) I can connect but it says this upon connect.
4)我可以连接,但它在连接时说这个。
MongoDB shell version: 2.6.1
connecting to: localhost:27017/admin
Welcome to the MongoDB shell!
The current date/time is: Thu May 29 2014 17:47:16 GMT-0400 (EDT)
Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }
5) Now it seems this sauser I created has no permissions at all.
5) 现在看来sa我创建的这个用户根本没有权限。
root@test02:~# mc
MongoDB shell version: 2.6.1
connecting to: localhost:27017/admin
Welcome to the MongoDB shell!
The current date/time is: Thu May 29 2014 17:57:03 GMT-0400 (EDT)
Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }
[admin] 2014-05-29 17:57:03.011 >>> use admin
switched to db admin
[admin] 2014-05-29 17:57:07.889 >>> show collections
2014-05-29T17:57:10.377-0400 error: {
"$err" : "not authorized for query on admin.system.namespaces",
"code" : 13
} at src/mongo/shell/query.js:131
[admin] 2014-05-29 17:57:10.378 >>> use test
switched to db test
[test] 2014-05-29 17:57:13.466 >>> show collections
2014-05-29T17:57:15.930-0400 error: {
"$err" : "not authorized for query on test.system.namespaces",
"code" : 13
} at src/mongo/shell/query.js:131
[test] 2014-05-29 17:57:15.931 >>>
What is the problem? I repeated this whole procedure 3 times and
I think I did it all as specified in the MongoDB docs. But it doesn't work.
I was expecting this sauser to be authorized to do anything so that
he can then create other users and give them more specific permissions.
问题是什么?我将整个过程重复了 3 次,
我认为我按照 MongoDB 文档中的规定完成了所有操作。但它不起作用。
我希望这个sa用户被授权做任何事情,这样
他就可以创建其他用户并授予他们更具体的权限。
回答by s-hunter
I was also scratching my head around the same issue, and everything worked after I set the role to be root when adding the first admin user.
我也在同一个问题上挠头,在添加第一个管理员用户时将角色设置为 root 后,一切正常。
use admin
db.createUser(
{
user: 'admin',
pwd: 'password',
roles: [ { role: 'root', db: 'admin' } ]
}
);
exit;
If you have already created the adminuser, you can change the role like this:
如果您已经创建了admin用户,您可以像这样更改角色:
use admin;
db.grantRolesToUser('admin', [{ role: 'root', db: 'admin' }])
For a complete authentication setting reference, see the stepsI've compiled after hours of research over the internet.
有关完整的身份验证设置参考,请参阅我在互联网上研究数小时后编制的步骤。
回答by John Petrone
It's a bit confusing - I believe you will need to grant yourself readWrite to query a database. A user with dbadmin or useradmin can admin the database (including granting yourself additional rights) but cannot perform queries or write data.
这有点令人困惑 - 我相信您需要授予自己 readWrite 来查询数据库。具有 dbadmin 或 useradmin 权限的用户可以管理数据库(包括授予自己额外的权限),但不能执行查询或写入数据。
so grant yourself readWrite and you should be fine -
所以给自己 readWrite ,你应该没问题 -
http://docs.mongodb.org/manual/reference/built-in-roles/#readWrite
http://docs.mongodb.org/manual/reference/built-in-roles/#readWrite
回答by Bart C
Perhaps a quick example of how to change a current user will be helpful to somebody. This is what I was actually looking for.
也许如何更改当前用户的快速示例会对某些人有所帮助。这正是我真正要寻找的。
Following advice of @JohnPetrone I added readWriterole to my admin user with grantRolesToUser
@JohnPetrone我的以下建议添加读写角色与我的管理员用户grantRolesToUser
> use admin
> db.grantRolesToUser("admin",["readWrite"])
> show collections
system.users
system.version
回答by jremi
You can try: Using the --authenticationDatabase flag helps.
您可以尝试:使用 --authenticationDatabase 标志有帮助。
mongo --port 27017 -u "admin" -p "password" --authenticationDatabase "admin"
回答by el Punch
I know this answer is coming really late on in this thread but I hope you check it out.
我知道这个答案在这个线程中来的很晚,但我希望你检查一下。
The reason you get that error is based on the specific role that you granted to the user, which you have gathered by now, and yes giving that user the role rootwill solve your problem but you must first understand what these roles do exactly before granting them to users.
您收到该错误的原因是基于您授予用户的特定角色,您现在已经收集root了这些角色,是的,为该用户提供角色将解决您的问题,但您必须首先了解这些角色在授予他们之前的确切作用给用户。
In tutorial you granted the user the userAdminAnyDatabaserole which basically give the user the ability to manage users of all your databases.
What you were trying to do with your user was outside its role definition.
在教程中,您授予用户userAdminAnyDatabase角色,该角色基本上赋予用户管理所有数据库用户的能力。您尝试对用户执行的操作超出了其角色定义。
The rootrole has this role included in it definition as well as the readWriteAnyDatabase, dbAdminAnyDatabaseand other roles making it a superuser (basically because you can do anything with it).
该root角色的定义中包含此角色以及readWriteAnyDatabase,dbAdminAnyDatabase和其他角色,使其成为超级用户(主要是因为您可以对它执行任何操作)。
You can check out the role definitions to see which roles you will need to give you users to complete certain tasks. https://docs.mongodb.com/manual/reference/built-in-roles/Its not advisable to make all your users super ones :)
您可以查看角色定义以了解您需要为用户提供哪些角色来完成某些任务。 https://docs.mongodb.com/manual/reference/built-in-roles/不建议让所有用户都成为超级用户 :)
回答by cocoTW
It's a simple question.
这是一个简单的问题。
- It's important that you must switch the target db NOTadmin.
- 重要的是您必须切换目标数据库而不是管理员。
use yourDB
使用你的数据库
- check your db authentication by
- 检查您的数据库身份验证
show users
显示用户
- If you get a {} empty object that is the question. You just need to type
- 如果您得到一个 {} 空对象,这就是问题所在。你只需要输入
db.createUser( { user: "yourUser", pwd: "password", roles: [ "readWrite", "dbAdmin" ] } )
db.createUser( { user: "yourUser", pwd: "password", roles: [ "readWrite", "dbAdmin" ] } )
or
或者
db.grantRolesToUser('yourUser',[{ role: "dbAdmin", db: "yourDB" }])
db.grantRolesToUser('yourUser',[{ role: "dbAdmin", db: "yourDB" }])
回答by Mr. Dang
I had this problem because of the hostname in my MongoDB Compasswas pointing to admin instead for my project. Fixed by adding the /projectname after the hostname :) Try this:
我遇到了这个问题,因为我的MongoDB Compass中的主机名指向 admin 而不是我的项目。通过在主机名后添加 /projectname 来修复:) 试试这个:
- Choose your project in the MongoDB atlas website
- Connect/Connect with MongoDB Compass
- Download Compass/Choose your OS
- I used Compass 1.12 or later
- Copy the connection string under the Compass 1.12 or later.
- Open MongoDB Compass/Connect(top left)/Connect To
- Connection String detected/Yes/
- Append your project name after the hostname: cluster9-foodie.mongodb.net/projectname
- Connect & Tested the API with POSTMAN.
- Succeed.
- 在MongoDB 地图集网站中选择您的项目
- 连接/连接 MongoDB Compass
- 下载指南针/选择您的操作系统
- 我使用的是 Compass 1.12 或更高版本
- 复制 Compass 1.12 或更高版本下的连接字符串。
- 打开 MongoDB Compass/Connect(左上角)/Connect To
- 检测到连接字符串/是/
- 主机名后附加项目名称:cluster9-foodie.mongodb.net/项目名称
- 使用 POSTMAN 连接并测试 API。
- 成功。
Use the same connection string in your code too:
在您的代码中也使用相同的连接字符串:
- Before:
- mongodb+srv://projectname:password@cluster9-foodie.mongodb.net/admin
- After:
- mongodb+srv://projectname:password@cluster9-foodie.mongodb.net/projectname
- 前:
- mongodb+srv:// projectname:password@cluster9-foodie.mongodb.net/ admin
- 后:
- MongoDB的+ SRV://项目名称:密码@ cluster9-foodie.mongodb.net /项目名称
Good luck.
祝你好运。
回答by user1797498
use mydb
db.createUser( { user: "test", pwd: "secret", roles: [ "readWrite", "dbAdmin"],passwordDigestor:"server" } )
使用 mydb
db.createUser( { user: "test", pwd: "secret", roles: [ "readWrite", "dbAdmin"],passwordDigestor:"server" } )
回答by whoami
Agreed that you've to get authenticated to admin db and needs at least a role with correct privileges which would avoid 'local host exception' from DB(this is for mongoDB's hosted on-premises), though you've everything in place & still getting not authorized exceptions on almost every command, while accessing mongoDB which got created using Mongo Atlas, then here is the place where you might know the reason, why :
同意您必须对 admin db 进行身份验证,并且至少需要一个具有正确权限的角色,这将避免来自 DB 的“本地主机异常”(这是针对 mongoDB 的本地托管),尽管您已经准备好了一切在访问使用Mongo Atlas创建的 mongoDB 时,几乎每个命令都获得未授权的异常,那么这里是您可能知道原因的地方,为什么:
and also check this if you've hosted mongoDB on mongo Atlas:
如果您已经在mongo Atlas上托管了 mongoDB,还要检查一下:
回答by Prathmesh Bijjargi
Use Admin :
use admin
Create a super user :
db.createUser(
{
user: "master",
pwd: "test@123",
roles: [
{
role: "readWriteAnyDatabase",
db: "admin"
},
{
"role" : "dbAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "clusterAdmin",
"db" : "admin"
},
"userAdminAnyDatabase"
]
}
)
