[MongoDB]: How to create a user by inserting a hashed password, and how to create a user with the __system role.

__system

MongoDB assigns this role to user objects that represent cluster members, such as replica set members and mongos instances. The role entitles its holder to take any action against any object in the database.

Do not assign this role to user objects representing applications or human administrators, other than in exceptional circumstances.

If you need access to all actions on all resources, for example to run applyOps commands, do not assign this role. Instead, create a user-defined role that grants anyAction on anyResource and ensure that only the users who need access to these operations have this access.

 

It may also be possible to use the anyAction action in a user-defined role to accomplish this.

However, use of the __system role is strongly discouraged (see the MongoDB documentation quoted above):

[ root @ dbversity : /opt/mongodb/bin ] mongo
MongoDB shell version: 2.6.9
connecting to: test
> use admin
switched to db admin
>
>
>
> db.createUser({user: "systemuser", pwd: "adminpwd", roles: [ "__system" ]})
Successfully added user: { "user" : "systemuser", "roles" : [ "__system" ] }
>
bye

[ root @ dbversity : /opt/mongodb/bin ] mongo dbversity:27017/admin -u systemuser -p adminpwd
MongoDB shell version: 2.6.9
connecting to: dbversity:27017/admin
>
>
>
> show dbs
admin 0.078GB
local 0.078GB
>
>
>
>
> db.createUser({"roles" :["dbAdminAnyDatabase","clusterAdmin","userAdminAnyDatabase","readWriteAnyDatabase"],"user":"dba_admin", "pwd":"pwd"})
Successfully added user: {
    "roles" : [
        "dbAdminAnyDatabase",
        "clusterAdmin",
        "userAdminAnyDatabase",
        "readWriteAnyDatabase"
    ],
    "user" : "dba_admin"
}
>
>
> hex_md5("dba_admin:mongo:pwd")
7d05b3deb278394479af3cc9ba748a51
>
>
> db.system.users.find({"_id" : "admin.dba_admin"}).pretty()
{
    "_id" : "admin.dba_admin",
    "user" : "dba_admin",
    "db" : "admin",
    "credentials" : {
        "MONGODB-CR" : "7d05b3deb278394479af3cc9ba748a51"
    },
    "roles" : [
        {
            "role" : "dbAdminAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "clusterAdmin",
            "db" : "admin"
        },
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "readWriteAnyDatabase",
            "db" : "admin"
        }
    ]
}
>
>
>
> hex_md5("repl_usr:mongo:pwd")
2455ee7a11177537c12a4a7f4270230a
>
>
> db.system.users.insert({
...     "_id" : "admin.repl_usr",
...     "user" : "repl_usr",
...     "db" : "admin",
...     "credentials" : {
...         "MONGODB-CR" : "2455ee7a11177537c12a4a7f4270230a"
...     },
...     "roles" : [
...         {
...             "role" : "dbAdminAnyDatabase",
...             "db" : "admin"
...         },
...         {
...             "role" : "clusterAdmin",
...             "db" : "admin"
...         },
...         {
...             "role" : "userAdminAnyDatabase",
...             "db" : "admin"
...         },
...         {
...             "role" : "readAnyDatabase",
...             "db" : "admin"
...         }
...     ]
... })
WriteResult({ "nInserted" : 1 })
>
>
>
bye
[ root @ dbversity : /opt/mongodb/bin ] mongo dbversity:27017/admin -u repl_usr -p pwd
MongoDB shell version: 2.6.9
connecting to: dbversity:27017/admin
>
>
> db.system.users.find()
{ "_id" : "admin.systemuser", "user" : "systemuser", "db" : "admin", "credentials" : { "MONGODB-CR" : "0fcee1af0a1ce2f60acb8cc0732fc26e" }, "roles" : [ { "role" : "__system", "db" : "admin" } ] }
{ "_id" : "admin.dba_admin", "user" : "dba_admin", "db" : "admin", "credentials" : { "MONGODB-CR" : "7d05b3deb278394479af3cc9ba748a51" }, "roles" : [ { "role" : "dbAdminAnyDatabase", "db" : "admin" }, { "role" : "clusterAdmin", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ] }
{ "_id" : "admin.repl_usr", "user" : "repl_usr", "db" : "admin", "credentials" : { "MONGODB-CR" : "7d05b3deb278394479af3cc9ba748a51" }, "roles" : [ { "role" : "dbAdminAnyDatabase", "db" : "admin" }, { "role" : "clusterAdmin", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readAnyDatabase", "db" : "admin" } ] }
>
>
> db.system.users.find().pretty()
{
    "_id" : "admin.systemuser",
    "user" : "systemuser",
    "db" : "admin",
    "credentials" : {
        "MONGODB-CR" : "0fcee1af0a1ce2f60acb8cc0732fc26e"
    },
    "roles" : [
        {
            "role" : "__system",
            "db" : "admin"
        }
    ]
}
{
    "_id" : "admin.dba_admin",
    "user" : "dba_admin",
    "db" : "admin",
    "credentials" : {
        "MONGODB-CR" : "7d05b3deb278394479af3cc9ba748a51"
    },
    "roles" : [
        {
            "role" : "dbAdminAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "clusterAdmin",
            "db" : "admin"
        },
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "readWriteAnyDatabase",
            "db" : "admin"
        }
    ]
}
{
    "_id" : "admin.repl_usr",
    "user" : "repl_usr",
    "db" : "admin",
    "credentials" : {
        "MONGODB-CR" : "7d05b3deb278394479af3cc9ba748a51"
    },
    "roles" : [
        {
            "role" : "dbAdminAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "clusterAdmin",
            "db" : "admin"
        },
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "readAnyDatabase",
            "db" : "admin"
        }
    ]
}
>
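An audit for user documents like the ones in this session, added here as an example and not part of the original post: it flags accounts holding __system, MONGODB-CR credentials, _id values that do not equal <db>.<user> (possible after a direct insert into system.users), and a digest stored for more than one user. The names auditUsers, role and SAMPLE_USERS and the finding strings are assumptions; the sample documents are the three printed by db.system.users.find() above.

```javascript
// Added example, not from the original post: audit documents shaped like the
// admin.system.users entries printed in the session above (MongoDB 2.6 layout).

// Sample input: the three documents shown by db.system.users.find() on the page.
const role = (name) => ({ role: name, db: "admin" });
const SAMPLE_USERS = [
  { _id: "admin.systemuser", user: "systemuser", db: "admin",
    credentials: { "MONGODB-CR": "0fcee1af0a1ce2f60acb8cc0732fc26e" },
    roles: [role("__system")] },
  { _id: "admin.dba_admin", user: "dba_admin", db: "admin",
    credentials: { "MONGODB-CR": "7d05b3deb278394479af3cc9ba748a51" },
    roles: [role("dbAdminAnyDatabase"), role("clusterAdmin"),
            role("userAdminAnyDatabase"), role("readWriteAnyDatabase")] },
  { _id: "admin.repl_usr", user: "repl_usr", db: "admin",
    credentials: { "MONGODB-CR": "7d05b3deb278394479af3cc9ba748a51" },
    roles: [role("dbAdminAnyDatabase"), role("clusterAdmin"),
            role("userAdminAnyDatabase"), role("readAnyDatabase")] },
];

// auditUsers (hypothetical helper) returns { "<_id>": [finding, ...] }.
function auditUsers(docs) {
  // The user name is part of the MD5 input ("<user>:mongo:<password>"), so the
  // same digest under two different users means one value was almost certainly
  // copied from another account rather than derived for that user.
  const byDigest = new Map();
  for (const d of docs) {
    const cr = d.credentials && d.credentials["MONGODB-CR"];
    if (cr) byDigest.set(cr, [...(byDigest.get(cr) || []), d._id]);
  }
  const report = {};
  for (const d of docs) {
    const findings = [];
    const cr = d.credentials && d.credentials["MONGODB-CR"];
    if ((d.roles || []).some((r) => r.role === "__system"))
      findings.push("__system role on a user account");
    if (d._id !== `${d.db}.${d.user}`)
      findings.push("_id does not equal <db>.<user>");
    if (cr) {
      findings.push("MD5-based MONGODB-CR credential");
      if (!/^[0-9a-f]{32}$/.test(cr)) findings.push("digest is not 32 hex characters");
      const shared = byDigest.get(cr).filter((id) => id !== d._id);
      if (shared.length) findings.push(`digest also stored for ${shared.join(", ")}`);
    }
    report[d._id] = findings;
  }
  return report;
}
console.log(JSON.stringify(auditUsers(SAMPLE_USERS), null, 2));
```

On the page's own output the shared-digest finding is reported for admin.dba_admin and admin.repl_usr, whose listed MONGODB-CR values are identical.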

 
