13

I'm trying to set password for mongodb to prevent access to db with empty login and pass (set by default).

I'm statring mongo server:

sudo ./mongod

Starting client:

./mongo

Setting password:

use admin
db.addUser("root", "root")
exit

The output is:

MongoDB shell version: 2.2.0
connecting to: test
> use admin
switched to db admin
> db.addUser("root", "root")
{
    "user" : "root",
    "readOnly" : false,
    "pwd" : "2a8025f0885adad5a8ce0044070032b3",
    "_id" : ObjectId("50c90b94e28c41a388104f64")
}
> exit

Hoever, wheh I try to auth with empty credentials (I use mViever admin UI), it still works. Otherwise, access with root/root is not avialable. What I'm doing wrong?

Also tried to start mongo server with -auth parameter, the same result:

./mongod -auth

UPD: After starting with -auth parameter can't login with any pass. Getting:

Thu Dec 13 03:27:38 uncaught exception: error {
    "$err" : "unauthorized db:admin ns:admin.system.users lock type:1 client:127.0.0.1",
    "code" : 10057
}

Update: I dont know what's goin on...

> db.auth("root","root");
1
> ^C
bye

It can login. Let's restart ./mongod --auth and ./mongo:

MacBook-Pro-Ilya:bin ilyarusanen$ ./mongo
MongoDB shell version: 2.2.2
connecting to: test
> db.auth("root","root")
Error: { errmsg: "auth fails", ok: 0.0 }
0
> db.test.insert({"yeah":"2342"})
Fri Dec 14 08:52:05 uncaught exception: getlasterror failed: { "errmsg" : "need to login", "ok" : 0 }
> use admin
switched to db admin
> db.addUser("root","root")
Fri Dec 14 08:52:14 uncaught exception: error {
    "$err" : "unauthorized db:admin ns:admin.system.users lock type:1 client:127.0.0.1",
    "code" : 10057
}
> db.auth("root","root")
1

Why at first it can login? Why after restarting mongo is not able to login? And why after FAILED attempt to addUser, it becomes able to login? Thanks.

UPDATE2: MongoHub seems to auth ok. However, from NodeJS I still can't login: I use such code:

mongo_db.open(function(err,data){
  if(data){
    data.authenticate("root", "root",function(err2,data2){
         if(data2){
             console.log("Database opened");
         }
         else{
             console.log(err2);
         }
    });
  } else {
       console.log(err);
  }
});

And I get:

{ [MongoError: auth fails] name: 'MongoError', errmsg: 'auth fails', ok: 0 }

But mention, MongoHub with same credentials works fine.

Improve this question
3
  • You are creating an admin user, are you using db.auth("root","root") on the admin database? As you've seen, you will need to restart the process with --auth for authentication to be enabled. Commented Dec 12, 2012 at 23:57
  • actually, after switching to -auth option I can't even access to mongo. I get: Unkown Host. Please check if MongoDB is running on the given host and port ! error. But mongo is running on 27017, and if I switch -auth off, it works as usual (however, I've got a new database "admin") Commented Dec 13, 2012 at 0:11
  • I used this tutorial and had no problems with that. Take a look at this instruction, if you're trying to connection from localhost. Commented Dec 13, 2012 at 13:40

1 Answer 1

Reset to default
8

From your comment you mention that you are using mViewer. Version 0.9.1 of mViewer does not support authentication. According to this issue on the mViewer GitHub, this is resolved in version 0.9.2, which was targeted for release in Oct.

Before starting the node with authentication, log on to the node and add a user. Then start the node with --auth and connect to the shell without mViewer.

At this point you can connect to the admin database and authenticate your admin user:

use admin
db.auth('root', 'root')

Since you set up an admin user, which will have access to all the databases, you need to authenticate against the admin database. Once you have done this you will have access to all the databases. You will also be able to create new users on any database, or create new read only users for all the databases.

If you create a new user that has access to only one database, that user would need to use that database and db.auth(name, pass) against it.

If you create a new user that has read only access to all databases, they would use admin and then db.auth(name, pass) to gain their read only access to all databases

You can find more information on setting up authentication here and more information about setting up users here

Note: When you start a node without --auth then no authentication is enabled. This means you can connect with the shell and db.auth('root','root') but it won't do anything as far as access is concerned. MongoDB will not deny access to the databases without --auth command line option (--keyFile in sharded setups or replica sets)

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Yeah, my current version is mViewer-v0.9.1 as the only avialable version on their official github is 0.9.1. Thanks for your comment, I'll try another UI and write about it later.
If you don't use mViewer, are you able to connect and authenticate? Also, if you need to have mViewer, you could clone the GitHub repo and build the latest version.
Well, if I start mongo, and write: > db.auth("root","root"); it returns me 1. It meens, auth processes succesfully, yeah?
I've updated the answer, but basically the issue in the first instance is that you are trying to auth against the test database - the admin users auth against the admin database.
Thanks, I've got it. To get access to my db I shoul login, switch to my db with use, add user exactly for this db.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.