I'm using docker image mongo
and I extend it to create a user and assign permissions on image build with such a line COPY init.sh /docker-entrypoint-initdb.d/
Here is the init.sh:
#!/bin/bash
set -e;
mongo -u mongo -p asdfasdf --authenticationDatabase admin <<-EOJS
use admin;
db.createUser({
user: "mongouser",
pwd: "asdfasdf",
roles: []
});
db.grantRolesToUser(
"mongouser",
[
"root",
{role: "readWrite", db: "translations"},
{role: "readWrite", db: "notifications"}
]
);
exit;
EOJS
all, looks good, when I check in the terminal I can see that user exists and has all permissions
root@8f26d6da46a7:/# mongo -u mongo -p asdfasdf --authenticationDatabase admin
> use admin
switched to db admin
> db.system.users.find();
{ "_id" : "admin.mongo", "userId" : UUID("7197ece0-014c-44ea-a5d9-cbb6ef683582"), "user" : "mongo", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "hRtMnmboNWoZMK0uzbftpQ==", "storedKey" : "AoFg3PCSQpcT/mcl94w8Kb1C0kg=", "serverKey" : "V1gll09EhlqAnk3kVoWn3s+0X5c=" }, "SCRAM-SHA-256" : { "iterationCount" : 15000, "salt" : "phs+erLhT7CwBHqo9ruK5eN7JO2GVC9t8ovutQ==", "storedKey" : "Rv8CTc/b1hY6xFAdyXjC5nFdvwbvxFzeln065rEMjyI=", "serverKey" : "VkkZ1BNBf5gfduuHMXGQlGgrumMct1nvbC8AEfFJXvw=" } }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "admin.mongouser", "userId" : UUID("74ad059c-57de-4a75-93c4-3d3bb00d5a14"), "user" : "mongouser", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "hh2dgliZhjl/1Is97rwiCg==", "storedKey" : "nkD+K7dbnI1PMks/gae4EuADm+Q=", "serverKey" : "696PKwhA+8Aib6QEfWRxkH0HXgE=" }, "SCRAM-SHA-256" : { "iterationCount" : 15000, "salt" : "4SE8LG8dOP07QJME8dwhTyEicmQtcIlRZjPnsQ==", "storedKey" : "7LPWRkX1U0MVfKfvQ2Pf7fMz7T5MntMV6tS5JfgFTmU=", "serverKey" : "nTk38FwgZPPf9Tlv5/Ow5C+SFvS01ciTkjqwzRp5HWs=" } }, "roles" : [ { "role" : "readWrite", "db" : "notifications" }, { "role" : "root", "db" : "admin" }, { "role" : "readWrite", "db" : "translations" } ] }
but when web application trying to run some query it's throwing error Authentication failed.
for both databases.
It worked before when I use only one database (translations
), but after I add permissions for the notifications
database it stops working for both databases.
What I'm doing wrong, it seems that permissions set correctly?
Best Answer
okay, I make it work like this
but why I need to create separate users, why I can't assign the same usr to multiple databases?