Error: couldn't add user: not authorized on test to execute command { createUser:

29
votes

I'm starting with MongoDB and I would like to user/pass access to the dbs. The first thing I did was to create and admin user and start mongodb with auth activate, this is my created user:

db.getUser("admin") 
{
        "_id" : "admin.admin",
        "user" : "admin",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "dbAdminAnyDatabase",
                        "db" : "admin"
                },
                {
                        "role" : "clusterAdmin",
                        "db" : "admin"
                }
        ] }
}

After that, I try to create users with the following commands:

use newdb
db.createUser(
  {
    user: "newuser",
    pwd: "12345678",
    roles: [ { role: "readWrite", db: "newdb" } ]
  }
)

But I got this error:

Error: couldn't add user: not authorized on newdb to execute command { createUser: "newuser", pwd: "xxx", roles: [ { role: "readWrite", db: "newdb" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 30000.0 } } at src/mongo/shell/db.js:1004

I have googled about it but there are only two results, one on Chinese and the other not related, so I'm a little lost. Any idea ? It looks like my admin user doesn't have privilege, I access to the mongodb with the following command:

$mongo --port 27017 -u adminUser -p adminPass  --authenticationDatabase admin

Thanks in advance.

6
mongodb
You didn't include the userAdmin/userAdminAnyDatabase role in the admin user. dbAdminAnyDatabase and clusterAdmin don't include user management privileges.wdberkeley
That was the problem. Well, that was my first encounter with mongodb :) Thank you very much!brb
For me "use admin" command helped as I didn't select the db at firstEugene

6 Answers

23
votes

Stop the running instance of mongod mongod --config /usr/local/etc/mongod.conf --auth

then start without --auth like mongod --config /usr/local/etc/mongod.conf

then update your roles like

db.updateUser("admin",{roles : ["userAdminAnyDatabase","userAdmin","readWrite","dbAdmin","clusterAdmin","readWriteAnyDatabase","dbAdminAnyDatabase"]});

Now again start mongod with --auth and try.

The idea is you have to create user under "admin" database with all the ROLES mentioned above.

But this user is not part of other databases. So once you created the admin user,

then login as that admin user,

SERVER: mongod --config /usr/local/etc/mongod.conf --auth

CLIENT: ./mongodb/bin/mongo localhost:27017/admin -u adminUser -p 123456

use APPLICATION_DB

again create a new user (say APP_USER) for this APPLICATION_DB. This time for this application user you need only "dbOwner" role.

db.createUser({user:"test", pwd:"test", roles:['dbOwner']})

Now your application has to use this APP_USER and APP_DB.

15
votes

I fixed the same problem just exit and login as admin

mongo -u admin

enter your admin user password

after login, create a user as usual you mentioned

use newdb
db.createUser(
  {
    user: "newuser",
    pwd: "12345678",
    roles: [ { role: "readWrite", db: "newdb" } ]
  }
)
5
votes

You should exit the current mongod process and restart it again without parameter --auth.

On Terminal type: mongod

After the process of mongod gets started then you can open new terminal tab to run mongo shell command :

mongo --shell
use new_your_database
db.createUser(
   {
     user: "mongo_admin",
     pwd: "mongo_admin",
     roles: [ "readWrite", "dbAdmin" ]
   }
)

it should be done successfully....

4
votes

Below command says, you have created admin user and password. 

db.getUser("admin")      
{    
        "_id" : "admin.admin",   
        "user" : "admin",    
        "db" : "admin",    
        "roles" : [    
                {    
                        "role" : "dbAdminAnyDatabase",    
                        "db" : "admin"    
                },    
                {    
                        "role" : "clusterAdmin",    
                        "db" : "admin"    
                }    
        ] }    
}

Once you create the admin user and password, Mongo will not allow you to do any schema update as normal a admin user which you used to login previously.

Use newly created admin user and password to create new users or do any updates. It should work.

3
votes

in my case:

1.stop mongodb :

$ service mongod stop

2.editing this /etc/mongod.conf:

   security:

     authorization: "disabled"

3.then I start again service:

$ service mongod start

4.Add user:

 $ mongo mongodb://localhost:27017
use admin
db.createUser(
  {
    user: "myUserAdmin",
    pwd: "abc123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)

5.comment lines from /etc/mongod.conf added in step 2

6.restart mongod

 service mongod restart
1
votes

If you're here with the same issue & having a config file to trigger mongod instances- then go ahead and exit from the running process of mongod & in your config file make sure you make security.authorization : disabled, in addition if you've keyFile (i.e; path to a cert file), then comment that spec as well, now start you mongod process using that config file - you should be able to create an user using admin db.

If you work on replica set : Once if you're done with creating a primary node + a user, make sure you initiate & connect to replica set (which again internally connects to primary node),here you can do anything with earlier created user, but when you connect directly to primary node again to execute few commands like rs.initiate()/rs.status()/show dbs/show users, you would end-up getting errors like (there are no users authenticated).

security:
  authorization: disabled
# keyFile: /opt/mongodb/keyfile