锁定我自己的mongodb实例 [英] Locked out of my own mongodb instance

问题描述

我已经创建了两个用户，我以为是userAdmins.不幸的是，当我与他们登录时，我得到的所有权限都被拒绝.如果我在本地登录时未提供用户名或密码，那么我将获得所有权限的拒绝.我该怎么办?

I've created two users, who I thought were userAdmins. Unfortunately, when I login with them, I get permission denied for everything. If I login locally without providing a username or password, I get permission denied for everything. What can I do?

使用以下命令创建用户

use admin

db.createUser(
    {
      user: "Nikhil",
      pwd: "wouldntyouliketoknow",
      roles: ["userAdminAnyDatabase" ]
    }
)

userAdminAnyDatabase并不是我想的意思吗?

Does userAdminAnyDatabase not mean what I think it means?

推荐答案

我正在使用您已启用授权安全性功能的功能.您为什么不只将security.authorization设置为Disabled并重新启动mongod?

I'm using that you've got authorization security enabled for this to be happening. Why don't you just set security.authorization to disabled and restart mongod?

http://docs.mongodb.org/manual/reference/configuration-options /

就您发出的命令而言，它看起来是不正确的，应该是这样的:

As far as the command you issued it looks to be incorrect, should be something like this:

use admin

db.createUser(
  {
    user: "Nikhil",
    pwd: "wouldntyouliketoknow",
    roles: 
      [
        {
          role: "userAdminAnyDatabase",
          db: "admin"
        }
      ]
  }
)

请注意，您必须将具有角色和数据库的文档传递给调用.

Note that you have to pass in a document with both the role and the db into the call.

最佳起点在这里: http://docs.mongodb.org/manual /tutorial/enable-authentication/

该用户仅限于所有数据库上的userAdmin角色.如果您想执行其他操作，则需要授予自己其他角色或创建拥有这些角色的新用户:

This user is limited to the userAdmin role on all databases. If you want to perform additional actions you'll need to either grant yourself additional roles or create a new user who has them:

userAdminAnyDatabase

Provides the same access to user administration operations as userAdmin, except it applies to all databases in the cluster. The role also provides the following actions on the cluster as a whole:

authSchemaUpgrade
invalidateUserCache
listDatabases

The role also provides the following actions on the admin.system.users and admin.system.roles collections on the admin database, and on legacy system.users collections from versions of MongoDB prior to 2.6:

collStats
dbHash
dbStats
find
killCursors
planCacheRead

The userAdminAnyDatabase role does not restrict the permissions that a user can grant. As a result, userAdminAnyDatabase users can grant themselves privileges in excess of their current privileges and even can grant themselves all privileges, even though the role does not explicitly authorize privileges beyond user administration. This role is effectively a MongoDB system superuser.

http://docs.mongodb.org /manual/reference/built-in-roles/#built-in-roles

这篇关于锁定我自己的mongodb实例的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！