Create Superuser in mongo

2019-01-30 14:24发布

I'm trying to create a user in mongo who can do anything in any db.

According to the guide I created a new admin: http://docs.mongodb.org/manual/tutorial/add-user-administrator

This is the code:

use admin
db.addUser( { user: "try1",
              pwd: "hello,
              roles: [ "userAdminAnyDatabase" ] } )

Then I stopped mongo, enabled the auth and restarted mongo.

Then I tried to create a database with his user.

According with this guide: http://www.mkyong.com/mongodb/how-to-create-database-or-collection-in-mongodb/

use fragola 
db.users.save( {username:"fragolino"} )

And I get this: "not authorized for insert on fragola.users"

Anyone can help me?

2条回答
劳资没心,怎么记你
2楼-- · 2019-01-30 15:21

from docs.mongodb.org-superuser-roles

Lets write answer that looks simple & also simple to implement

Steps :

1 : sudo apt-get install mongodb-org - in new terminal

2 : sudo mongod --port 27017 --dbpath /var/lib/mongodb

3 : mongo --port 27017 - in new terminal

4 : use admin

5 : As @drmirror said a user should have all 4 roles to be superuser

For Mongo Version 2.

db.createUser(
{
    user: "tom",
    pwd: "jerry",
    roles: [
              { role: "userAdminAnyDatabase", db: "admin" },
              { role: "readWriteAnyDatabase", db: "admin" },
              { role: "dbAdminAnyDatabase", db: "admin" },
              { role: "clusterAdmin", db: "admin" }
           ]
})

For Mongo Version 3.

db.createUser(
   {
       user: "tom", 
       pwd: "jerry", 
       roles:["root"]
   })

6 : sudo /etc/init.d/mongod stop OR sudo service mongod stop - in new terminal

7 : sudo /etc/init.d/mongod start OR sudo service mongod start

8 : restart your pc

9 : sudo mongod --auth --port 27017 --dbpath /var/lib/mongodb - in new terminal

10: mongo --port 27017 -u "tom" -p "jerry" --authenticationDatabase "admin" - in new terminal

Note : step 10 is most important step .

it will give Output on terminal like

MongoDB shell version: 2.6.11
connecting to: 127.0.0.1:27017/test
>
查看更多
ゆ 、 Hurt°
3楼-- · 2019-01-30 15:26

The role userAdminAnyDatabase gives the user the ability to create users and assign arbitrary roles to them. Because of this, that user has the power to do anything on the database, because he can give anybody any permission (including himself).

However, the userAdminAnyDatabase role by itself doesn't allow the user to do anything else besides assigning arbitrary rights to arbitrary users. To actually do something on the database, that user needs to have the following additional roles:

readWriteAnyDatabase
dbAdminAnyDatabase
clusterAdmin

A user who has the above three rights and userAdminAnyDatabase is a true super-user and can do anything.

查看更多
登录 后发表回答