Terminal Inflection

LINUX ESOTERICA, FIXES AND RANTS

AboutErrors Resolved
Linux
Recommended Books
Who Am I?

Jun062012

There are many occasions where you get locked out of a Mongo DB database. It could be that the admin password is unknown, or that the only admin user that exists is “read-only” (something that Mongo permits you to do). Fortunately, it’s fairly straightforward
to remove the admin database safely and recreate the admin user.

Mongo DB has an idiomatic, not to mention pragmatic approach to user authorization. Access to the database is simplified, and not particular granular, with the idea that access control should be passed more to the connecting application itself. Thus, the default
access control is to have no users at all. You need to create an “admin” user account if you want one. Nothing, however enforces this.

One creates an admin user by creating a user on the “admin” database, after logging in to Mongo:

  # mongo localhost

MongoDB shell version: 2.0.2

connecting to: localhost/test

  > use admin

switched to db admin

  >  db.addUser("admin","Password")

And that’s it.

Once this user exists, then every time you login to the database, you need to authenticate, like this:

  # mongo localhost

MongoDB shell version: 2.0.2

connecting to: localhost/test

  > use admin

switched to db admin

  mongo> db.auth("admin","Password")

Failure to authenticate will allow you your connection, but no access to any data. Once again, it’s the fact of the existence of the admin user which enforces access control, as well as the following option in the Mongo DB config file:

  auth=true

Solution

This solution will focus on removal of the admin user in a replica set, because it’s slightly more complicated, and slightly more interesting. If you’re just running a single node, the procedure is considerably easier. Just ignore the cluster steps.

Stop all Mongo processes running in the replica set. These will probably be running with the command line or config file option of “replSet”. Check by running “ps” or checking the /etc/mongod.conf file.

When no Mongo replicas are running, perform the following procedure on each node in turn. You’ll need to bring the Mongo process up at one point, but it is vital that only one replica is running at any one time, otherwise the configuration will get resynchronised
from another node, and you don’t want that. You want it changed.

On each node

Change to the mongo directory where the data files reside, possibly /var/lib/mongo but specified in the configuration file by the dbPath parameter.

  # cd /var/lib/mongo

Move the admin.* files somewhere else to back them up.

  # mv /admin.* /tmp

It’s the simple. Deleting these datafiles will have removed the admin credentials from the database.

Start the mongo replica daemon on this single node. Depending on your distribution and how it’s configured, it’s probably something like this:

  # /etc/init.d/mongod start

  # mongo localhost

MongoDB shell version: 2.0.2

connecting to: localhost/test

  > use admin

switched to db admin

  > db.addUser("admin","password")

At this point, the admin datafiles should have been recreated. Check that the credentials work:

  > db.auth("admin","password")

1

If this returns the numeral “1″, then the login is successful. However, if this is a cluster, the node you’re on may have been marked as stale. To check and fix:

  > db.system.users.find()

error: { "$err" : "not master and slaveok=false", "code" : 13435 }

  > rs.slaveOk()

not master and slaveok=false

The rs.slaveOk() command will allow you to query normally from the secondary:

  SECONDARY> db.system.users.find()

{ "_id" : ObjectId("4fc4972525a7b704e9a3a09e"), "user" : "admin", "readOnly" : false, "pwd" : "2f1bffb1d28a2cca21679103652b1040" }

Now stop mongo, and repeat the above procedure on the other nodes:

  # /etc/init.d/mongod stop

When you have updated the admin password on all mongod replicas, restart all nodes in the replica set.

Now, you should find that all nodes have admin user accounts, and that you can use these to authenticate against each one.

Matt
Parsons is a freelance Linux specialist who has designed, built and supported Unix and Linux systems in the finance, telecommunications and media industries. 



He lives and works in London.

Posted
by Matt
Parsons at 10:44 am Tagged
with: mongo

One Response to “Mongo DB: forcing removal of the admin user”

  1. Thank you so much. This was very helpful.

Leave a Reply

Name

E-mail

URI

Your Comment

You may use these HTML tags and attributes: <a
href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Notify
me of follow-up comments by email.

Notify
me of new posts by email.

  Mongo
DB Backups with AMANDA

Switch to our mobile site

连接:

http://terminalinflection.com/mongo-db-force-admin-removal/

MongoDb 本机删除密码的方法的更多相关文章

  1. TypeError: db.addUser is not a function : @(shell):1:1 ——mongoDB创建新用户名密码的方法

    不多说,旧版本使用 db.addUser("root","root") 新版本使用这句会出现这个错误提示 TypeError: db.addUser is no ...

  2. 查看本机的IP地址方法:

    查看本机的IP地址方法:对于XP系统:方法一:如果右下角系统托盘区有本地连接的小电脑,双击小电脑→支持,就可以看到本机IP地址.无线连接也是一样.方法二:开始→运行cmd /k ipconfig,IP ...

  3. (转)mysql账号权限密码设置方法

    原文:http://www.greensoftcode.net/techntxt/2013410134247568042483 mysql账号权限密码设置方法 我的mysql安装在c:\mysql 一 ...

  4. mysql忘记root密码拯救方法(flush privileges)

    修改的用户都以root为列.一.拥有原来的myql的root的密码: 方法一:在mysql系统外,使用mysqladmin# mysqladmin -u root -p password " ...

  5. Live帐号登陆win8系统不用输密码的方法

    win 8 系统旨在让大家日常的操作更加方便与快捷.因此,今天,小编将与大家分享的是如何利用Live帐号登陆win8系统,而不用输密码的方法.具体的步骤如下文所述. 按win+R打开运行输入cmd(在 ...

  6. VirtualBox虚拟机下Windows登录密码破解方法(阿里云推荐码:1WFZ0V,立享9折!)

    VirtualBox虚拟机下Windows登录密码破解方法 近两年虚拟机的发展给开发人员带来了极大便利,安装一个新环境,只需从别人那里copy一份虚拟机文件即可,分分钟搞定.我之前一直在Ubuntu下 ...

  7. kafka删除topic的方法及我在kafka上边的一些经验

    我在本地做kafka的producer调试,每隔一段时间后,所使用的topic管道就会堆积数据,而且我这边使用的是  kafka   bin 下的consumer命令单独消费的,每次都是  --fro ...

  8. dedecms后台添加新变量和删除变量的方法

    下面由做网站为大家来介绍dedecms后台添加新变量和删除变量的方法 添加新变量是做什么用的?答:可以在模板内调用的东东. 一.进入网站织梦(Dedecms)后台(以dede5.5为例),依次打开系统 ...

  9. SQLServer2008修改sa密码的方法与SQL server 2008数据库的备份与还原

    sa密码的修改转载自:http://blog.csdn.net/templar1000/article/details/20211191 SQL server 2008数据库的备份与还原转自 :htt ...

随机推荐

  1. PS 如何把大嘴变小嘴

    Photoshop整容教程:让MM美唇大嘴变小嘴 2009-06-17 14:15作者:佚名出处:天极网软件频道责任编辑:王健       下面就开始实际操作了.       1.首先从Photosh ...

  2. vue 实现 扫二维码 功能

    前段时间一直在研究,如何通过 vue 调用 相机 实现 扫一扫的功能,但是查看文档发现,需要获取 getUserMedia 的属性值,但存在兼容性问题. 退而求其次,通过 h5plus 来实现. 1. ...

  3. reorder-list——链表、快慢指针、逆转链表、链表合并

    Given a singly linked list L: L0→L1→…→Ln-1→Ln,reorder it to: L0→Ln→L1→Ln-1→L2→Ln-2→… You must do thi ...

  4. 淘宝数据库OceanBase SQL编译器部分 源码阅读--生成逻辑计划

    body, td { font-family: tahoma; font-size: 10pt; } 淘宝数据库OceanBase SQL编译器部分 源码阅读--生成逻辑计划 SQL编译解析三部曲分为 ...

  5. java的多态以及重载,重写,前期绑定,后期绑定

    多态的定义: 一个类实例的相同方法在不同情形有不同表现形式.多态机制使具有不同内部结构的对象可以共享相同的外部接口.这意味着,虽然针对不同对象的具体操作不同,但通过一个公共的类,它们(那些操作)可以通 ...

  6. [Pyhton]weakref 弱引用

    文档中的解释: https://docs.python.org/2/library/weakref.html wiki 中的解释: 在计算机程序设计中,弱引用.与强引用相对.是指不能确保其引用的对象不 ...

  7. [网页游戏开发]Morn组件赋值

    在讲解List之前,我们先介绍一下Morn组件赋值功能 默认属性赋值 界面逻辑开发过程中,经常会涉及到动态更改UI属性,比如: 界面有一个按钮,一个多选框和一个文本,分别命名为myButton,myC ...

  8. Kafka知识点汇总

    整体结构 watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvZXJpY19zdW5haA==/font/5a6L5L2T/fontsize/400/fill/I ...

  9. MySQL 数据库 的安装和基本管理

    03-MySql安装和基本管理   本节掌握内容: mysql的安装.启动 mysql破解密码 统一字符编码 MySQL是一个关系型数据库管理系统,由瑞典MySQL AB 公司开发,目前属于 Orac ...

  10. enumerated types

    控制台手动输入. package enums; import java.util.Scanner; public class EnumTest { public static void main(St ...