I am trying to figure out MongoDB in order to evaluate whether it is a route I would like to take for future applications or not. In order to deploy it sensibly on my server, I would have to run it with authentication enabled (i.e. with the --auth argument or with auth = true in the config file).

Installation seems relatively straightforward and I have been proceeding with assistance from the documentation where necessary. In particular, the section on security does a pretty good job of explaining the process of running with auth enabled and inserting your first admin user. However, things have not proceeded according to plan.

Running without auth yields the result one would hope for - it runs, with the following output:

Thu Dec 10 21:14:24 Mongo DB : starting : pid = 9350 port = 27017 dbpath = /var/mongodb_data master = 0 slave = 0  64-bit 
Thu Dec 10 21:14:24 db version v1.3.0-, pdfile version 4.5
Thu Dec 10 21:14:24 git version: 32d56f6d81a98b569103149c9ffea9f25a1ece81
Thu Dec 10 21:14:24 sys info: Darwin erh2.10gen.cc 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24 17:37:00 PST 2008; root:xnu-1228.9.59~1/RELEASE_I386 i386 BOOST_LIB_VERSION=1_37
Thu Dec 10 21:14:24 waiting for connections on port 27017

However, running with authentication (using either method, arg or config directive) yields the following output and the process immediately exits:

Thu Dec 10 21:15:37 Mongo DB : starting : pid = 9361 port = 27017 dbpath = /var/mongodb_data master = 0 slave = 0  64-bit 
Thu Dec 10 21:15:37 User Exception unauthorized
Thu Dec 10 21:15:37  local.system.namespaces  Caught Assertion in runQuery ns:local.system.namespaces userassert:unauthorized
Thu Dec 10 21:15:37   ntoskip:0 ntoreturn:0
Thu Dec 10 21:15:37   query:{ name: /^local.temp./ }
Thu Dec 10 21:15:37 query local.system.namespaces ntoreturn:0 exception  0ms
Thu Dec 10 21:15:37 Dropping old temporary collection: 
Thu Dec 10 21:15:37 User Exception no collection name
Thu Dec 10 21:15:37   exception in initAndListen std::exception: no collection name, terminating
Thu Dec 10 21:15:37  dbexit: 
Thu Dec 10 21:15:37   shutdown: going to flush oplog...
Thu Dec 10 21:15:37   shutdown: going to close sockets...
Thu Dec 10 21:15:37   shutdown: waiting for fs...
Thu Dec 10 21:15:37   shutdown: closing all files...
Thu Dec 10 21:15:37      closeAllFiles() finished
Thu Dec 10 21:15:37   shutdown: removing fs lock...
Thu Dec 10 21:15:37  dbexit: really exiting now
ERROR: Client::shutdown not called!

As noted in the tags, this is running on OS X Snow Leopard and it is using the latest 1.3.x nightly OS X 64bit binary download (should I revert to 1.2 stable maybe?)

Any idea what's causing this and what I can do to resolve it? It's not so important on my local machine but I need it to work in secure mode to make it practical for any production use at all.


PS: if this should be on ServerFault rather than SO, feel free to have it moved there. I wasn't sure which environment suited it best.


Update:

I have tried running without auth, adding a user and rerunning with auth as recommended by mdirolf and Mathias. However, it's still throwing up the same error. The user was added in the following manner:

Mark@Destiny mongodb$ sudo bin/mongo
MongoDB shell version: 1.3.0-
url: test
connecting to: test
type "help" for help
> use admin
switched to db admin
> db.addUser("Mark", "my-password-went-here")   
{ "user" : "Mark", "pwd" : "9934...be15da0" }
> db.system.users.find()
{ "_id" : ObjectId("4b216ed0be8a0b185767654e"), "user" : "Mark", "pwd" : "9934a190b...babe15da0" }
> exit
bye

Subsequent running without auth and entering the mongo shell prove the user is in fact still there. Am I doing something stupid?

+1  A: 

You need to add a user before starting with --auth. Start without --auth and add a user, then restart with --auth.

The security section has been updated to describe this.

mdirolf
Thanks for your answer. I've tried it but I'm still being faced with the same thing. I have added more info to the question.
Splash
+1  A: 

You need to already have a user in the admin DB before starting the server with --auth. I just added a note to the docs to mention this so no one else is surprised.

By the way, most (if not all) production mongodb deployments run without auth. We recommend handling authentication in your application and configuring the firewall on your database server to only allow connections from your web/app servers.

Mathias Stearn
Yeah I hear you - I'd love to run it in that way too (much cleaner imo). However, I share the server with some others (outside my control as I can only afford to run the one at the moment), and unless I'm missing something, there's no way to limit it to only being available to me, rather the local machine only.
Splash
A: 

Ahh, looks like you found a bug in master. I've created a case for it: http://jira.mongodb.org/browse/SERVER-474.

Please try the recently released mongodb 1.2.0. Git master (1.3.x branch) is not ready for use yet.

Mathias Stearn
Hehe fair enough. Falling back to 1.2 is not really a problem. Thanks for your help - I really should know better than to assume nightly builds of anything are ever totally issue-free... :)
Splash
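
A startup check for the two log outcomes shown in the question, as an added example that is not part of the original thread or of MongoDB itself: it reads a mongod startup log and reports whether the server reached "waiting for connections" or aborted in initAndListen, along with any namespace that raised userassert:unauthorized. The function name `classify_startup` is hypothetical, the regular expressions assume the log layout quoted in the question, and the sample lines are a shortened copy of those logs.

```python
import re

# Shortened copies of the two startup logs quoted in the question.
FAILED_START = """\
Thu Dec 10 21:15:37 Mongo DB : starting : pid = 9361 port = 27017 dbpath = /var/mongodb_data master = 0 slave = 0  64-bit
Thu Dec 10 21:15:37 User Exception unauthorized
Thu Dec 10 21:15:37  local.system.namespaces  Caught Assertion in runQuery ns:local.system.namespaces userassert:unauthorized
Thu Dec 10 21:15:37   exception in initAndListen std::exception: no collection name, terminating
Thu Dec 10 21:15:37  dbexit: really exiting now
ERROR: Client::shutdown not called!
"""
CLEAN_START = """\
Thu Dec 10 21:14:24 Mongo DB : starting : pid = 9350 port = 27017 dbpath = /var/mongodb_data master = 0 slave = 0  64-bit
Thu Dec 10 21:14:24 db version v1.3.0-, pdfile version 4.5
Thu Dec 10 21:14:24 waiting for connections on port 27017
"""

# Assumed layout: "Thu Dec 10 21:15:37 <message>" (weekday, month, day, time, text).
LINE = re.compile(r"^\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}\s+(?P<msg>.*)$")


def classify_startup(log_text):
    """Summarise one mongod startup attempt from its log text."""
    result = {"pid": None, "port": None, "state": "unknown",
              "unauthorized_ns": [], "fatal": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # untimestamped lines such as "ERROR: Client::shutdown ..."
        msg = m.group("msg").strip()
        start = re.search(r"starting : pid = (\d+) port = (\d+)", msg)
        if start:
            result["pid"], result["port"] = int(start.group(1)), int(start.group(2))
        ns = re.search(r"ns:(\S+) userassert:unauthorized", msg)
        if ns:
            result["unauthorized_ns"].append(ns.group(1))
        if msg.startswith("exception in initAndListen"):
            result["fatal"] = msg
            result["state"] = "aborted"
        elif msg.startswith("waiting for connections") and result["state"] != "aborted":
            result["state"] = "listening"
    return result


if __name__ == "__main__":
    for name, text in (("with --auth", FAILED_START), ("without auth", CLEAN_START)):
        print(name, classify_startup(text))
```

Run against the log of a restart with --auth, a result of "aborted" means the server never came up, so nothing is being served in secure mode, which is a different problem from a running server that rejects a login.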