mongoDB : Authentication of user is working fine, but getting "Unauthorized not authorized on admin to execute command" in the logs -


i've followed steps mentioned in how add admin user mongo in 2.6?

at first, "auth=true" in /etc/mongod.conf file commented out authentication not done , create following users in respective dbs.

admin: 

use admin; db.createuser({user: "mongoroot", pwd: "password", roles: [{role: "root", db: "admin"}]});  db.createuser({user: "mongoadmin", pwd: "password", roles: ["readwrite"]}); db.createuser({user: "siteuseradmin", pwd: "password", roles: [{role: "useradminanydatabase", db: "admin"}]});  db.createuser({user: "mongodbadmin", pwd: "password", roles: [{role: "dbadmin", db: "admin"}]});  db.createuser({user: "mongodbowner", pwd: "password", roles: [{role: "dbowner", db: "admin"}]});   db.createuser({user: "mongowrite", pwd: "password", roles: [{role: "readwrite",db: "mongo_database"}]});  (added in admin giving command command-line 'mongo mongo_database --port 27018 -u mongowrite -p password --authenticationdatabase admin', user mongowrite able login done in https://gist.github.com/tamoyal/10441108) db.createuser({user: "mongoread", pwd: "password", roles: [{role: "read", db: "mongo_database"}]});  (added in admin giving command command-line 'mongo mongo_database --port 27018 -u mongoread -p password --authenticationdatabase admin', user mongoread able login  done in https://gist.github.com/tamoyal/10441108)

config: 

use config; db.createuser({user: "mongoconfig", pwd: "password", roles: [{role: "readwrite", db: "config"}]});

test: 

use test; db.createuser({user: "mongotest", pwd: "password", roles: [{role: "readwrite", db: "test"}]});

mongo_database: 

use mongo_database; db.createuser({user: "mongowrite", pwd: "password", roles: [{role: "readwrite",db: "mongo_database"}]});  db.createuser({user: "mongoread", pwd: "password", roles: [{role: "read", db: "mongo_database"}]});  db.createuser({user: "mongoadmin", pwd: "password", roles: [{role: "readwrite", db: "mongo_database"}]});

after making sure required users added, turning on authentication uncommenting "auth=true" in /etc/mongod.conf file , restarting mongodb.

[ec2-user@ip-xxx-xx-xx-xx ~]$ mongo mongo_database --port 27018 -u mongowrite -p password --authenticationdatabase admin mongodb shell version: 2.6.10 connecting to: 127.0.0.1:27018/mongo_database rs0:primary> db.test.insert({"hello":"world"}); writeresult({ "ninserted" : 1 }) rs0:primary> exit bye [ec2-user@ip-xxx-xx-xx-xx ~]$ mongo mongo_database --port 27018 -u mongoread -p password --authenticationdatabase admin mongodb shell version: 2.6.10 connecting to: 127.0.0.1:27018/mongo_database rs0:primary> db.test.insert({"hello":"world"}); writeresult({         "writeerror" : {                 "code" : 13,                 "errmsg" : "not authorized on mongo_database execute command { insert: \"test\", documents: [ { _id: objectid('559bba6ead81843e121c5ac7'), hello: \"world\" } ], ordered: true }"         } }) rs0:primary>

everything works fine till point. issue encountering log file getting bombarded following 2 lines @ tens of thousand lines per minute , within no time, disk running out of space.

2015-07-07t11:40:28.340+0000 [conn3] unauthorized not authorized on admin execute command { writebacklisten: objectid('55913d82b47aa336e4f971c2') } 2015-07-07t11:40:28.340+0000 [conn2] unauthorized not authorized on admin execute command { writebacklisten: objectid('55923232e292bbe6ca406e4e') }

just give idea, in span of 10 seconds, 10 mb worth of log file generated consisting of above mentioned 2 lines.

[ec2-user@ip-xxx-xx-xx-xx ~]$ date tue jul  7 11:44:01 utc 2015 [ec2-user@ip-xxx-xx-xx-xx ~]$ df -h filesystem      size  used avail use% mounted on /dev/xvdh       4.8g  388m  4.2g   9% /log [ec2-user@ip-xxx-xx-xx-xx ~]$ date tue jul  7 11:44:14 utc 2015 [ec2-user@ip-xxx-xx-xx-xx ~]$ df -h filesystem      size  used avail use% mounted on /dev/xvdh       4.8g  398m  4.2g   9% /log

to knowledge, authentication seems working fine. logs getting filled @ super sonic speed. doing wrong? please help. in advance.

the excessive logging config servers , after adding authentication config servers authentication turned on, wouldn't stop. upgraded mongo 3.0.4 replica sets, turned on authentication on replica sets , upgraded mongo 3.0.4 on config servers , started working fine without issues (same steps on mongo 2.6.x result in issue mentioned above). so, planned upgrade 3.0.4 in order bypass issue. hope, helpful someone.


Comments

Post a Comment

Popular posts from this blog

How to provide Authorization & Authentication using Asp.net, C#? -

Image
i have asp.net application in c#. i have provide page authorization specific user/usergroup. i have created 2 tables in database: 1) pagename 2)permissions[insert, update, view, delete] but i'm unable match tables , permissions assigning... can 1 please me, how created tables in database , how coding. please me. you can below explanation. configure access specific file , folder, set forms-based authentication. request page in application redirected logon.aspx automatically. in web.config file, type or paste following code. this code grants users access default1.aspx page , subdir1 folder . <configuration> <system.web> <authentication mode="forms" > <forms loginurl="login.aspx" name=".aspnetauth" protection="none" path="/" timeout="20" > </forms> </authentication> <!-- section denies access files in...
Read more

toolbar - How to add link to user registration inside toobar in admin joomla 3 custom component -

im trying write component admin side , need add user creation. dont want duplicate existing codes add link. know how add task not simple link toolbar. thx help. if wanting button opens new user screen can try in component: $bar = jtoolbar::getinstance('toolbar'); $bar->appendbutton('link', 'users', 'new user','index.php?option=com_users&task=user.add'); you need add view.html.php file wherever you're creating toolbar. is need?
Read more

How to use Authorization & Authentication in Asp.net, C#? -

i using roll management , trying give page , folder access according user or user group, using server created ad group user authentication. i have default1.aspx page default , subdir1 folder give different access separate user group i using below logic in web.config. <location path="subdir1"> <system.web> <authorization> <allow users ="?" /> </authorization> </system.web> </location> i facing problem provide same access 2 or more directory same user should have provide allow user code twice both folder? i can use logic repeating value folder want access providing in 1 logic. i have got answer configure folder/page access, have make different access shown below.. configure access specific file , folder, set forms-based authentication. request page in application redirected logon.aspx automatically. in web.config file, done following code. this code grants user...
Read more