show dbs gives “Not Authorized to execute command” error

前端 未结 7 1325
暖寄归人
暖寄归人 2020-12-24 13:42

I\'ve spent some time trying to figure out what is wrong but as I could not find out, I decided to ask here.

I am running MongoDB(Windows 64-bit 2008 R2+) version 3.

相关标签:
7条回答
  • 2020-12-24 14:15

    Create a user like this:

    db.createUser(
          {
            user: "myUserAdmin",
            pwd: "abc123",
            roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
          }
        )
    

    Then connect it following this:

    mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
    

    Check the manual :

    https://docs.mongodb.org/manual/tutorial/enable-authentication/

    0 讨论(0)
  • 2020-12-24 14:15

    There are two things,

    1) You can run the mongodb instance without username and password first.

    2) Then you can add the user to the system database of the mongodb which is default one using the query below.

    db.createUser({
      user: "myUserAdmin",
      pwd: "abc123",
      roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
    })
    

    Thanks.

    0 讨论(0)
  • 2020-12-24 14:18

    one more, after you create user by following cmd-1, please assign read/write/root role to the user by cmd-2. then restart mongodb by cmd "mongod --auth".

    The benefit of assign role to the user is you can do read/write operation by mongo shell or python/java and so on, otherwise you will meet "pymongo.errors.OperationFailure: not authorized" when you try to read/write your db.

    cmd-1:

    use admin
    db.createUser({
      user: "newUsername",
      pwd: "password",
      roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
    })
    

    cmd-2:

    db.grantRolesToUser('newUsername',[{ role: "root", db: "admin" }])
    
    0 讨论(0)
  • 2020-12-24 14:19

    Copy of answer OP posted in question:

    Solution

    After the update from the previous edit, I looked a bit about the connection between client and server and I found out that even when mongod.exe was not running, there was still something listening on port 27017 with netstat -a

    So I tried to launch the server with a random port using

    [dir]mongod.exe --port 2000
    

    Then the shell with

    [dir]mongo.exe --port 2000
    

    And this time, the server printed a message saying there is a new connection. I typed few commands and everything was working perfectly fine, I started the basic tutorial from the documentation to check if it was ok and for now it is.

    0 讨论(0)
  • 2020-12-24 14:23

    You should have started the mongod instance with access control, i.e., the --auth command line option, such as:

    $ mongod --auth
    

    Let's start the mongo shell, and create an administrator in the admin database:

    $ mongo
    > use admin
    > db.createUser(
      {
        user: "myUserAdmin",
        pwd: "abc123",
        roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
      }
    )
    

    Now if you run command "db.stats()", or "show users", you will get error "not authorized on admin to execute command..."

    > db.stats()
    {
            "ok" : 0,
            "errmsg" : "not authorized on admin to execute command { dbstats: 1.0, scale: undefined }",
            "code" : 13,
            "codeName" : "Unauthorized"
    }
    

    The reason is that you still have not granted role "read" or "readWrite" to user myUserAdmin. You can do it as below:

    > db.auth("myUserAdmin", "abc123")
    > db.grantRolesToUser("myUserAdmin", [ { role: "read", db: "admin" } ])
    

    Now You can verify it (Command "show users" now works):

    > show users
    {
            "_id" : "admin.myUserAdmin",
            "user" : "myUserAdmin",
            "db" : "admin",
            "roles" : [
                    {
                            "role" : "read",
                            "db" : "admin"
                    },
                    {
                            "role" : "userAdminAnyDatabase",
                            "db" : "admin"
                    }
            ]
    }
    

    Now if you run "db.stats()", you'll also be OK:

    > db.stats()
    {
            "db" : "admin",
            "collections" : 2,
            "views" : 0,
            "objects" : 3,
            "avgObjSize" : 151,
            "dataSize" : 453,
            "storageSize" : 65536,
            "numExtents" : 0,
            "indexes" : 3,
            "indexSize" : 81920,
            "ok" : 1
    }
    

    This user and role mechanism can be applied to any other databases in MongoDB as well, in addition to the admin database.

    (MongoDB version 3.4.3)

    0 讨论(0)
  • 2020-12-24 14:23

    for me it worked by adding

    1) "You can run the mongodb instance without username and password first.---OK

    2) "Then you can add the user to the system database of the mongodb which is default one using the query below".---OK

    db.createUser({
      user: "myUserAdmin",
      pwd: "abc123",
      roles: [ { role: "userAdminAnyDatabase", db: "admin" } ],
      mechanisms:[ "SCRAM-SHA-1" ] // I added this line
    
    })
    
    0 讨论(0)
提交回复
热议问题