Unable to change own (non-admin) user password


Sumanta Dutta

Jan 17, 2017, 6:50:25 PM
to mongodb-user

1. I created a role with changeOwnPassword privilege

mongos> db.getRole("changeOwnPasswordRole",{showPrivileges:true})
{
        "role" : "changeOwnPasswordRole",
        "db" : "admin",
        "isBuiltin" : false,
        "roles" : [ ],
        "inheritedRoles" : [ ],
        "privileges" : [
                {
                        "resource" : {
                                "cluster" : true
                        },
                        "actions" : [
                                "changeOwnPassword"
                        ]
                }
        ],
        "inheritedPrivileges" : [
                {
                        "resource" : {
                                "cluster" : true
                        },
                        "actions" : [
                                "changeOwnPassword"
                        ]
                }
        ]
}
mongos>

2. I granted the role to non-admin read-only user

mongos> db.getUser("sdutta")
{
        "_id" : "admin.sdutta",
        "user" : "sdutta",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "changeOwnPasswordRole",
                        "db" : "admin"
                },
                {
                        "role" : "readAnyDatabase",
                        "db" : "admin"
                }
        ]
}

3. Tried to change password without luck. I hope it’s not expecting readWrite.

mongos> db.changeUserPassword("sdutta","test2")
2017-01-17T18:38:29.078-0500 E QUERY    [thread1] Error: Updating user failed: not authorized on admin to execute command { updateUser: "sdutta", pwd: "xxx", writeConcern: { w: "majority", wtimeout: 30000.0 }, digestPassword: false } :
_getErrorWithCode src/mongo/shell/utils.js:25:13
DB.prototype.updateUser src/mongo/shell/db.js:1319:15
DB.prototype.changeUserPassword src/mongo/shell/db.js:1323:9
@(shell):1:1


Am I missing anything?


Thanks!

Sumanta Dutta

Jan 18, 2017, 10:43:47 AM
to mongodb-user
BTW, we are using the following versions, if that's what was missing in my original post -

MongoDB shell version: 3.2.5

MongoS version 3.2.5 
git version: 34e65e5383f7ea1726332cb175b73077ec4a1b02
OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013

Samantha Ritter

Jan 23, 2017, 11:44:04 PM
to mongodb-user
Hi Sumanta,

Are you sure you are logged in as "sdutta" when you try to change the password for that user? Authenticating was not listed in the steps that you outlined above. If you log in first, I would expect this to work:

> db.auth("sdutta", "old_password")
> db.changeUserPassword("sdutta", "new_password")



Let me know if that works for you.

Thanks,
Sam

Sumanta Dutta

Jan 25, 2017, 3:44:27 PM
to mongod...@googlegroups.com
Hi Sam,

The problem was { cluster : true }. It should be { db : "admin", collection : "" }.

Cheers,
Sumanta
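
Added example, not part of the original thread: a role lint in plain JavaScript (run under Node.js) that flags database-scoped actions granted on { cluster : true }, the mistake identified in the last post, and builds the corrected privilege list. The function names, the action list and the userDb parameter are assumptions made for this example.

```javascript
// Added example: lint a role document for database-scoped actions that were
// granted on the cluster resource, as happened with changeOwnPasswordRole.

// Assumed list: user-management actions that MongoDB applies to database resources.
var DB_SCOPED_ACTIONS = ["changeOwnPassword", "changeOwnCustomData", "changePassword",
                         "changeCustomData", "createUser", "dropUser", "viewUser"];

function isDbScoped(action) {
  return DB_SCOPED_ACTIONS.indexOf(action) !== -1;
}

// One finding per privilege whose resource is { cluster: true } but whose
// actions include a database-scoped action.
function findMisScopedPrivileges(roleDoc) {
  var findings = [];
  (roleDoc.privileges || []).forEach(function (priv, index) {
    if (!priv.resource || priv.resource.cluster !== true) return;
    var bad = (priv.actions || []).filter(isDbScoped);
    if (bad.length > 0) findings.push({ role: roleDoc.role, index: index, actions: bad });
  });
  return findings;
}

// Build a corrected privilege list: flagged actions move to
// { db: userDb, collection: "" }; every other grant is kept unchanged.
// userDb (assumed parameter) is the database in which the affected users are defined.
function rescopePrivileges(roleDoc, userDb) {
  var kept = [], moved = [];
  (roleDoc.privileges || []).forEach(function (priv) {
    var onCluster = !!priv.resource && priv.resource.cluster === true;
    var stay = (priv.actions || []).filter(function (a) {
      var move = onCluster && isDbScoped(a);
      if (move && moved.indexOf(a) === -1) moved.push(a);
      return !move;
    });
    if (stay.length > 0) kept.push({ resource: priv.resource, actions: stay });
  });
  if (moved.length > 0) kept.push({ resource: { db: userDb, collection: "" }, actions: moved });
  return kept;
}

// Constructed input: the privileges of the role shown in the first post.
var postedRole = {
  role: "changeOwnPasswordRole", db: "admin",
  privileges: [{ resource: { cluster: true }, actions: ["changeOwnPassword"] }]
};
console.log(JSON.stringify(findMisScopedPrivileges(postedRole)));
console.log(JSON.stringify(rescopePrivileges(postedRole, "admin")));
```

In the mongo shell, the role document comes from db.getRole(name, {showPrivileges: true}), and the corrected list can be applied with db.updateRole(name, {privileges: ...}).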
