db. serverStatus of name executes the resolution of The Times no permissions problem
- 2020-10-07 18:55:37
- OfStack
1. Problem description
Today in execution
db.serverStatus()
It's given in the command
“ "errmsg" : "not authorized on admin to execute command { serverStatus: 1.0 }",”
Error message.
By querying admin, the permissions have already been granted to dbOwner, and then dbadmin and other permissions have been successively granted. The problem still exists.
Finally, I found the list of Mongodb permissions, granted root permissions and finally solved the problem. Then, I tested the other permissions, which showed that ES16en. serverStatus is a server-level command that needs the highest permissions of mongodb to execute.
The following is a simple process of problem handling, to share with you, for reference.
2. Wrong content
[root@ggnode2 ~]# mongo 10.130.170.112:27017/admin -u admin -p
MongoDB shell version: 3.2.8
Enter password:
connecting to: 10.130.170.112:27017/admin
MongoDB Enterprise >
MongoDB Enterprise > db.serverStatus()
{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { serverStatus: 1.0 }",
"code" : 13
}3. Error analysis
From the error content you get, it is because admin did not execute
db.serverStatus()
Command permissions.
MongoDB Enterprise
>
use admin
switched to db admin
MongoDB Enterprise
>
show collections
system.users
system.version
MongoDB Enterprise
>
db.system.users.find()
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "BEN7SONYkewFMx3f67FNQw==", "storedKey" : "HjlvcjSpXpSKetcUbJyj350Xgjk=", "serverKey" : "k2WEf2cHGgg9n3tyEMJyuKaRt3U=" } }, "roles" : [{ "role" : "dbOwner", "db" : "admin" } ] }
Based on the query results, admin has dbOwner role permissions and executes
db.serverStatus()
The command requires root role permissions.
4. Problem Solving:
As you can see from table system.users, admin users need to be given the root role in order to execute the db.serverStatus () command.
The action commands to give the role permissions are as follows:
# Grant role permissions
MongoDB Enterprise > db.grantRolesToUser( "admin" , [ { role: "root", db: "admin" } ])
MongoDB Enterprise >
# Unpermissions of roles
MongoDB Enterprise > db.revokeRolesFromUser( "admin" , [ { role: "root", db: "admin" } ]
MongoDB Enterprise >5. Problem solving
After granting permissions to the root role, execute
db.serverStatus()
The command is OK and the execution results are as follows:
MongoDB Enterprise > db.serverStatus()
MongoDB shell version: 3.2.8
connecting to: 10.130.170.112:27017/admin
{
"host" : "ggnode2",
"advisoryHostFQDNs" : [ ],
"version" : "3.2.8",
"process" : "mongod",
"pid" : NumberLong(23155),
"uptime" : 1470624,
"uptimeMillis" : NumberLong(1470624043),
"uptimeEstimate" : 1415522,
"localTime" : ISODate("2016-11-07T04:13:33.328Z"),
"asserts" : {
"regular" : 0,
"warning" : 0,
"msg" : 0,
"user" : 62,
"rollovers" : 0
},
"connections" : {
"current" : 1,
"available" : 818,
"totalCreated" : NumberLong(6025)
},
"extra_info" : {
"note" : "fields vary by platform",
"heap_usage_bytes" : 60437840,
"page_faults" : 28
},
"globalLock" : {
"totalTime" : NumberLong("1470624234000"),
"currentQueue" : {
"total" : 0,
"readers" : 0,
"writers" : 0
},
"activeClients" : {
"total" : 8,
"readers" : 0,
"writers" : 0
}
},
"locks" : {
... ...
"storage" : {
"freelist" : {
"search" : {
"bucketExhausted" : NumberLong(0),
"requests" : NumberLong(0),
"scanned" : NumberLong(0)
}
}
},
"ttl" : {
"deletedDocuments" : NumberLong(0),
"passes" : NumberLong(24508)
}
},
"ok" : 1
}conclusion