Re: [mongodb-user] Changing user passwords in Mongo 2.4

[Jeff Lee]

I'm not sure it's documented anywhere but a quick peek at the code reveals: DB.prototype.changeUserPassword = function(username, password) {

$ mongo localhost/admin --eval "db.addUser({ user:'theadmin', pwd:'thepassword', roles:['clusterAdmin', 'userAdminAnyDatabase', 'readAnyDatabase']})"

$ mongo localhost/admin -u theadmin -p thepassword --eval "db.changeUserPassword('theadmin', 'thenewpassword')"

$ mongo localhost/admin -u theadmin -p thenewpassword --eval "printjson(db.system.users.findOne())"

MongoDB shell version: 2.4.3

connecting to: localhost/admin

{

        "_id" : ObjectId("5192d89b310e4a9b22431c47"),

        "pwd" : "d852f13d08bc3c7de3f7e764627a0f85",

        "roles" : [

                "clusterAdmin",

                "userAdminAnyDatabase",

                "readAnyDatabase"

        ],

        "user" : "theadmin"

}

Yay!

On Tue, May 14, 2013 at 4:12 PM, Egan Neuhengen <lightni...@gmail.com> wrote:

In Mongo version 2.2 the addUser function used to assert the username and password, modifying the existing user's password if it exists or creating a new entry if not. This appears to have been stripped from the system in 2.4 when using roles, such that running the current addUser function produces this error instead:

Tue May 14 15:19:58.257 JavaScript execution failed: User already exists with that username/userSource combination at src/mongo/shell/db.js:L125

Using the legacy addUser function to perform the task does not work either, because it attempts to assert the readOnly field as well:

Tue May 14 15:20:17.754 JavaScript execution failed: couldn't add user: system.users entry must not have both 'roles' and 'readOnly' fields at src/mongo/shell/db.js:L128

Attempting to set the field directly results in an un-hashed password in the document where a hashed password should be.

I couldn't find any information on changing passwords in the documentation for addUser or the user privilege documents. Are the only options to change a user password in 2.4 to either delete the user from the database and then recreate it, or to hash the password manually?

--
--
You received this message because you are subscribed to the Google
Groups "mongodb-user" group.
To post to this group, send email to mongod...@googlegroups.com
To unsubscribe from this group, send email to
mongodb-user...@googlegroups.com
See also the IRC channel -- freenode.net#mongodb
 
---
You received this message because you are subscribed to the Google Groups "mongodb-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mongodb-user...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Jeff Lee]

BTW  - I created DOCS-1515 if anyone's interested in following.

Cheers

[Egan Neuhengen]

Super helpful, Jeff! Indeed, even now knowing the function name, I can't find a trace of that function in the documentation, community, or internet at large, except for in the code, but it definitely looks like it works, so I say fantastic catch. Thanks for creating the documentation request as well.

Thanks again,
- Egan