Missing MongoDB databases?

K

keybus2021-04-02 20:51:51

MongoDB

keybus, 2021-04-02 20:51:51

Good day! I tried to set up access to the database by login / password. I created a user under which I could not log in, later it "did not exist" in the admin database. After that, all the databases created by me disappeared ...

Does anyone know what happened in this situation?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

I

Igor Deyashkin, 2021-04-08
@keybus

If you do as you described - authorization is successful. Probably, somewhere in the process of setting up or authorization, an error was made - for example, the user was created in the wrong database or something else.

Listing my check

docker volume create testvol

docker run --rm --name test-mongo -v "testvol:/data/db" -d mongo
docker exec -it test-mongo mongo

use testDb;
db.createCollection("testCollection");
use admin;

db.createRole({
role: "Admin",
privileges: [{
resource: {
db: "testDb",
collection: "testCollection"
},
actions: ["anyAction", "internal"]
}],
roles: []
});

db.createUser({
user: "Admin",
pwd: "testpasswd",
roles: ["Admin"]
});

db.adminCommand({"listDatabases":1, "filter": {"name": "testDb"}, "nameOnly": true});
// { "databases" : [ { "name" : "testDb" } ], "ok" : 1 }

docker stop test-mongo

docker run --rm -v "testvol:/data/db" --name test-mongo -d mongo --auth

docker exec -it test-mongo mongo

db.adminCommand({"listDatabases":1, "filter": {"name": "testDb"}, "nameOnly": true});
//{
//        "ok" : 0,
//        "errmsg" : "command listDatabases requires authentication",
//        "code" : 13,
//        "codeName" : "Unauthorized"
//}

use admin;
db.auth("Admin", "testpasswd");
// 1
db.adminCommand({"listDatabases":1, "filter": {"name": "testDb"}, "nameOnly": true});
// { "databases" : [ { "name" : "testDb" } ], "ok" : 1 }

With disabled authorization, all databases should be visible to you in theory. Perhaps the created user somehow prevents them from being seen in the admin panels through which you check, so use the `listDatabases` command for the purity of the experiment. Run the database with disabled authorization, check that the database exists. If it is not there - probably there is already a problem not related to authorization - write here about it. Find where you created the Admin user and delete it.

docker run --rm -v "testvol:/data/db" --name test-mongo -d mongo
docker exec -it test-mongo mongo

use admin;
// switched to db admin
db.getUsers();
// [{ "_id" : "admin.Admin", ...
db.dropUser("Admin");
// true

After that, you can configure the user again. Perhaps it makes sense to create a "superuser" - a user under which you can administer the database without having to restart the server with disabled authorization. After all, you give the Admin user rights to only one collection, and not to an instance, and, as I understand it, he will not be able to create additional databases, collections, or users.
You can use the root role for this , for example.
And already under this user, continue the configuration.
I note that about the permissions that you issue to your user , it says :
> Do not assign this action unless it is absolutely necessary.
As soon as he gives out exactly those permissions that he needs for the current work, and do the rest from under the "superuser".