Create Superuser in mongo
54

I'm trying to create a user in mongo who can do anything in any db.

According to the guide I created a new admin: http://docs.mongodb.org/manual/tutorial/add-user-administrator

This is the code:

use admin
db.addUser( { user: "try1",
              pwd: "hello",
              roles: [ "userAdminAnyDatabase" ] } )

Then I stopped mongo, enabled the auth and restarted mongo.

Then I tried to create a database with this user.

According to this guide: http://www.mkyong.com/mongodb/how-to-create-database-or-collection-in-mongodb/

use fragola 
db.users.save( {username:"fragolino"} )

And I get this: "not authorized for insert on fragola.users"

Can anyone help me?

Novelist answered 25/3, 2014 at 14:55 Comment(0)
64

The role userAdminAnyDatabase gives the user the ability to create users and assign arbitrary roles to them. Because of this, that user has the power to do anything on the database, because he can give anybody any permission (including himself).

However, the userAdminAnyDatabase role by itself doesn't allow the user to do anything else besides assigning arbitrary rights to arbitrary users. To actually do something on the database, that user needs to have the following additional roles:

readWriteAnyDatabase
dbAdminAnyDatabase
clusterAdmin

A user who has the above three rights and userAdminAnyDatabase is a true super-user and can do anything.

Hydrometer answered 25/3, 2014 at 15:28 Comment(0)
74

from docs.mongodb.org-superuser-roles

Let's write an answer that looks simple and is also simple to implement.

Steps :

1 : sudo apt-get install mongodb-org - in new terminal

2 : sudo mongod --port 27017 --dbpath /var/lib/mongodb

3 : mongo --port 27017 - in new terminal

4 : use admin

5 : As @drmirror said, a user should have all 4 roles to be a superuser

For Mongo Version 2.

db.createUser(
{
    user: "tom",
    pwd: "jerry",
    roles: [
              { role: "userAdminAnyDatabase", db: "admin" },
              { role: "readWriteAnyDatabase", db: "admin" },
              { role: "dbAdminAnyDatabase", db: "admin" },
              { role: "clusterAdmin", db: "admin" }
           ]
})

For Mongo Version 3.

db.createUser(
   {
       user: "tom", 
       pwd: "jerry", 
       roles:["root"]
   })

6 : sudo /etc/init.d/mongod stop OR sudo service mongod stop - in new terminal

7 : sudo /etc/init.d/mongod start OR sudo service mongod start

8 : restart your pc

9 : sudo mongod --auth --port 27017 --dbpath /var/lib/mongodb - in new terminal

10: mongo --port 27017 -u "tom" -p "jerry" --authenticationDatabase "admin" - in new terminal

Note: step 10 is the most important step.

It will give output on the terminal like:

MongoDB shell version: 2.6.11
connecting to: 127.0.0.1:27017/test
>
Bellbird answered 6/1, 2016 at 13:40 Comment(4)
You need to put db and role, like roles:[{role:'root', db:'admin'}] - Loadstone
@mpoletto If this command is run from within the admin db, the roles array doesn't require a key/value pair to specify the admin db. - Saransk
This worked for me, no need to restart the PC though, just the service. - Percuss
From version 4.2 you can, or even should, use the function passwordPrompt(), i.e. something like this: db.createUser({user:"superuser", pwd:passwordPrompt(), roles:["root"]}). This is considered more secure than typing a password that is visible on the screen. Be careful, the password prompt is displayed only once. It does NOT ask you to retype your password. - Latterly
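
The role combinations described in the answers above can be checked mechanically. The following is an added example, not code from any answer or from MongoDB: a JavaScript function that classifies user documents by whether they are already a superuser or hold only userAdminAnyDatabase and can therefore grant themselves the rest. The function names and the sample users are constructed for illustration; the input shape is assumed to match the entries in the `users` array returned by the `usersInfo` command.

```javascript
// Added example: classify MongoDB users by the roles discussed in the answers.
// Assumed input shape: entries of the `users` array returned by usersInfo.
const FOUR_ROLES = ["userAdminAnyDatabase", "readWriteAnyDatabase",
                    "dbAdminAnyDatabase", "clusterAdmin"];

// A bare string role is resolved against the database the user was created in,
// which is why roles: ["root"] works when createUser is run from the admin db.
function normalizeRoles(userDoc) {
  return (userDoc.roles || []).map((r) =>
    typeof r === "string" ? { role: r, db: userDoc.db } : { role: r.role, db: r.db });
}

function classifyUser(userDoc) {
  const adminRoles = new Set(
    normalizeRoles(userDoc).filter((r) => r.db === "admin").map((r) => r.role));
  if (adminRoles.has("root")) return "superuser";
  if (FOUR_ROLES.every((name) => adminRoles.has(name))) return "superuser";
  // Cannot read or write data yet, but can grant any role to any user,
  // including itself, so it is one step away from superuser.
  if (adminRoles.has("userAdminAnyDatabase")) return "can-self-escalate";
  return "limited";
}

// Report only the accounts that deserve a reviewer's attention.
function auditUsers(userDocs) {
  return userDocs
    .map((u) => ({ user: `${u.db}.${u.user}`, level: classifyUser(u) }))
    .filter((entry) => entry.level !== "limited");
}

// Constructed sample data (not output from a real deployment).
const sampleUsers = [
  { user: "try1", db: "admin", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { user: "tom", db: "admin", roles: ["root"] },
  { user: "tom2", db: "admin", roles: FOUR_ROLES.map((role) => ({ role, db: "admin" })) },
  { user: "app", db: "fragola", roles: [{ role: "readWrite", db: "fragola" }] },
];

console.log(auditUsers(sampleUsers));
```
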