Mongodump is not working , getting "not authorized"

Sivaprakash_Gopal · February 22, 2023, 12:01pm

We have a 3 node replicaset, we would like to take backup using mongodump, however we are unable to take as we we are getting the below error

Failed: error getting database names: not authorized on admin to execute command { listDatabases: 1, $readPreference: { mode: "secondaryPreferred" }, $db: "admin" }

even in the mongo shell, we are unable to execute any command

e.g

repls:SECONDARY> show dbs 2023-02-22T11:58:47.347+0000 E QUERY [thread1] Error: listDatabases failed:{ "operationTime" : Timestamp(1677067124, 1), "ok" : 0, "errmsg" : "there are no users authenticated", "code" : 13, "codeName" : "Unauthorized", "$clusterTime" : { "clusterTime" : Timestamp(1677067124, 1), "signature" : { "hash" : BinData(0,"MluRZXuKCH3HUbfpxVyjr2itT8I="), "keyId" : NumberLong("7180455251781091329") } } } : _getErrorWithCode@src/mongo/shell/utils.js:25:13 Mongo.prototype.getDBs@src/mongo/shell/mongo.js:67:1 shellHelper.show@src/mongo/shell/utils.js:860:19 shellHelper@src/mongo/shell/utils.js:750:15 @(shellhelp2):1:1 repls:SECONDARY>

Please help to resolve this

Ramachandra_Tummala · February 22, 2023, 1:26pm

As which user you are running mongodump?
Does that user have proper privileges?
For shell commands connect to your primary
You are connected to secondary

Sivaprakash_Gopal · February 22, 2023, 5:10pm

I am running from root user
root user should have all the privilege’s correct .?
I have tried from primary as well , same output as mentioned before

Yilmaz_Durmaz · February 22, 2023, 9:38pm

being named “admin” or “root” does not immediately mean you have access to everything. it depends on how that user was added, namely the “role” and “db” fields.

also possible you are not giving the correct parameters can you give us the exact command you are using (without the password, of course)?

tapiocaPENGUIN · February 22, 2023, 10:14pm

Can you please show us the mongodump command you are running? Did you add the -u to the command to authenticate into the database?

When you say you are “root” do you mean on the server/vm or did you authenticate into the mongodb shell? Because just because you are root on the server doesn’t mean you have authorization to run commands on MongoDB until you authenticate.

Sivaprakash_Gopal · February 23, 2023, 7:05am

Thanks for the response, the replica set was configured by a developer who is not with us currently, we dont know how this was setup what user(s) were added ; we only have the root user account for the ubuntu server. however there are prod databases running ;
Since we dont have any user account /password which were added
is there a way that we can create new user account /password for the existing databases running on this replica set to manage and take the backup using mongodump …?

Ramachandra_Tummala · February 23, 2023, 8:26am

Share your mongodump command and how you login/connect to your cluster.
You can hide sensitive details like password/cluster name,address etc

Sivaprakash_Gopal · February 23, 2023, 8:56am

Thanks for the response, i am not giving any parameters ; i am logging in as root in one of the node and executing mongodump

root@:~# mongodump
2023-02-23T08:55:00.684+0000 Failed: error getting database names: not authorized on admin to execute command { listDatabases: 1, $readPreference: { mode: “secondaryPreferred” }, $db: “admin” }
root@:~#

Yilmaz_Durmaz · February 23, 2023, 9:01am

log in to the host machine and, in the terminal, simply run mongosh without parameters, then the following in it.

use admin
db.getUsers()

if you get an unauthorized error, that means you need to supply credentials. if you had no fight with that developer (and I believe not, as your database still works), just ask him/her about the administrator username/password.

PS: try mongo if mongosh is not found

Sivaprakash_Gopal · February 23, 2023, 9:26am

Thank you
below is the output i get

*****:PRIMARY> use admin
switched to db admin
apollo:PRIMARY> db.getUsers()
2023-02-23T09:24:09.245+0000 E QUERY [thread1] Error: there are no users auth enticated :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.getUsers@src/mongo/shell/db.js:1686:1
@(shell):1:1
*****:PRIMARY>

Yilmaz_Durmaz · February 23, 2023, 10:36am

this one has the same cause: you need a user authentication to use with mongodump -u someuser where “someuser” has a suitable role to access all databases such as “root”.

with that said, it is unfortunate that there is no easy way (if any exists) to remove this restriction for a replica set. You will agree that this security is not just for access from within the service, but also from the hackers’ eyes that might infiltrate your host machine.

Unless we got more suggested ways from community members that has experienced a similar situation and found a solution, these two are the immediate ones for the moment:

call that developer. it is highly possible he/she has recorded the password somewhere you can access. minimum pain.
find where “mongod.conf” file is, and from its content find where “dbpath” is located. it is under “/data/db” for a docker container. you can back up that folder manually (or with a script).

PS: mongodump dumps everything on the service/replicaset member, so needs an admin-level access. however, if you need only backup a single database, and have a compatible user/role for that database, you can use mongoexport instead.

Sivaprakash_Gopal · February 23, 2023, 11:11am

Thanks for the suggestions
Calling the developer is not an option for us currently unfortunately.
Can we take the backup ( copying the DB path manually or with a script) when the databases are online …?

Yilmaz_Durmaz · February 23, 2023, 11:43am

is it “currently” or “never”?

currently, you can stop the mongodb service in each host, only then backup that folder. but to be able to use it again, you need to be on the same host/folder, or also copy other things like config file, security key file, etc. and then construct a similar host system.

the other possibility sounds creepy. it is not enough to simply backup folders. you need to work on all replica set members to remove authentication, then create new admin users etc. I have a link you may try to follow, but you can easily see it is not something simple. read and apply very carefully. you may want to get a backup of the data folder first. Linux, DevOps, Middleware and Cloud: How to reset mongodb rootadmin password ?? (linuxhelp4u.blogspot.com)

EDIT: the security section of the config file in that link is n line 20-21-22, and the author uses them in sed command as 20,22. your configuration will be different, so carefull with such details.

Sivaprakash_Gopal · February 23, 2023, 1:02pm

Thank you
Calling the developer is never an option

Also i should have mentioned this earlier, all three replica set members are on azure cloud and we have snapshot being taken , can that be used instead of backing up the DB folders manually …?

Yilmaz_Durmaz · February 23, 2023, 10:00pm

I haven’t worked that much on azure, or other clouds, myself, so I can’t conclude how this snapshot thing works. but be careful about its type. there is a concept of “incremental snapshot” that just saves the difference between the last save and now, and it differs from a single-full backup. check what type is yours.

also, the running instances and data volumes might reside in different places. so you also need to be careful with them too. the service config file might also be in another place. you need to check the cloud settings and make a mapping for these.

but overall, you will need to back up the data and config first, then work on the config file to fix the auth user problem.