#createuser

Create a new user in Linux

Table of Contents: Adding new user Changing Password User Login Switch User Granting Admin Privileges User Aliases Reloading Aliases Testing Conclusion >Adding new user:Creating new user with the name "testuser" shown as below. # useradd testuser

> Changing Password:Creating password for newly created  user ( ie., testuser )# passwd testuserChanging password for user testuser. New UNIX password: # set passwordRetype new UNIX password: # confirmpasswd: all authentication tokens updated successfully.

> User Login:Login with newly created user ( ie., testuser ).  localhost login: testuser  # Enter user-name .password:                          #  Enter  testuser password ( Password  will not be display ) Then press Enter.

> Switch user:We can switch between users by using 'su' command. the below example is switch to root user.su  - l  $ su -l root      # switch user to root , if we did not type  any username then it will take root user by default . ie., we can login to root by using 'su - ' as well.Password:                      # Enter root password#                    # we have logged into root user. the '#' indicates that we are now using root user.

>Granting Administrative Privileges:Assigning administrative privileges to a user to execute root commands without switching to root user. ( ie., testuser ) # usermod -G wheel testuserEdit '/etc/pam.d/su' file. the file looks like as below.# vi /etc/pam.d/su#%PAM-1.0 auth sufficient pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. #auth required pam_wheel.so use_uid auth substack system-auth auth include postlogin account sufficient pam_succeed_if.so uid = 0 use_uid quiet account include system-auth password include system-auth session include system-auth session include postlogin session optional pam_xauth.so

Un Comment the below lines from the file."auth sufficient pam_wheel.so trust use_uid" "auth required pam_wheel.so use_uid"The file will be looks like below.# vi /etc/pam.d/su#%PAM-1.0 auth sufficient pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. auth required pam_wheel.so use_uid auth substack system-auth auth include postlogin account sufficient pam_succeed_if.so uid = 0 use_uid quiet account include system-auth password include system-auth session include system-auth session include postlogin session optional pam_xauth.so

> User aliases: Creating an alias for the root user and forwarding all root user emails another user. ( ie., testuser ) # vi /etc/aliasesuncomment the last line and enter the username as shown below.root: testuser

> Reloading aliases: # newaliases

> Testing:Try to login to root user from testuser. in general, it should ask for the password. but testuser having root privileges so that we can login without entering any password like a root user.$ su -l root #

Securing MongoDB – User Administration

The db.createUser(user, writeConcern) method used to create users.We need to provide the username, password and roles The definition of createUser as follows { user: "", pwd: "password>", customData: { }, roles: [ { role: "", db: "" }, { role: "", db: ""}, ... ] } Role Role is an approach to restricting system/DB access to authorized users.The security hierarchy is similar to various DB…

Adding User in MongoDB

Let’s get started with routine MongoDB administration work. One of the first priorities for Database administrators is to ensure their Database is secure. The best way to handle security with MongoDB is to run it in a trusted environment,ensuring that only trusted users are able to connect to the server.

Each database in a MongoDB instance can have any number of users.When security is enabled, only authenticated users of a database are able to perform read or write operations.There are two special databases: users in the admin and local databases can perform operations on any database.After authenticating, admin users are able to read or write from any database and are able to perform certain admin-only commands, such as listDatabases or shutdown.

Let’s add some users to “admin” and example “mymongo” database with different roles.

Note — The ‘addUser’ shell helper is DEPRECATED. Use ‘createUser’ instead

Adding a “root” user in mongodb .(admin database) >use admin switched to db admin >db.createUser( … { … user: “superuser”, … pwd: “pass”, … roles: [ “root” ] … } … ) Successfully added user: { “user” : “superuser”, “roles” : [ “root” ] }

Adding a “readOnly” user (mymongo database) >db.createUser( { user: “db_read1”, pwd: “pass”, roles: [ { role: “read”, db: “mymongo” }]})

Adding a “readWrite” user (mymongo database) db.createUser( {  user: “db_write”,  pwd: “pass”,roles:  [{ role: “readWrite”, db: “mymongo” } ] })

Now restart the server, this time adding the – -auth command-line option or in mongodb.conf as auth=true to enable security.

When we first connect, we are unable to perform any operations (read or write) on the mymongo database.

#mongo mymongo -u db_read1 -p MongoDB shell version: 2.6.4 Enter password: connecting to: mymongo

>db.collection1.findOne() { “_id” : ObjectId(“54da125004655bd6347700d3”), “x” : 1 } > db.collection1.insert({o:99}) WriteResult({ “writeError” : { “code” : 13, “errmsg” : “not authorized on mymongo to execute command { insert: \”collection1\”, documents: [ { _id: ObjectId(’54da150f7a2bdd3ffd58bb93′), o: 99.0 } ], ordered: true }” } })

After authenticating as the “db_read1” user, however, we are able to perform a simple find. When we try to insert data, we are met with a failure because of the lack of authorization.

So we try with “db_write” user.

# mongo mymongo -u db_write -p MongoDB shell version: 2.6.4 Enter password: connecting to: mymongo > > db.collection1.insert({u:23}) WriteResult({ “nInserted” : 1 })

root(superuser) user, who is able to perform operations on any database.

]# mongo admin -u superuser -p MongoDB shell version: 2.6.4 Enter password: connecting to: admin > use mymongo switched to db mymongo > db.collection1.insert({k:4444}); WriteResult({ “nInserted” : 1 })

With sharding, the admin database is kept on the config servers, so shard mongods have no idea it even exists. Therefore, as far as they know, they are running with authentication enabled but no admin user.Thus, shards will allow a local client to read and write from them without authentication. However, if you are worried about clients running locally on shards and connecting directly to them instead of going through the mongos, you may wish to add admin users to your shards.

Make sure that  replica sets on which you are creating users ,are already shards(i.e added) in the cluster. If you create an admin user and then try to add the mongods as a shard the addShard command will not work (because the cluster already contains an admin database).