I'm trying to set up backups on a mongoDB instance (version 4.4) using mongodump. That requires access to the config database and my mongo user doesn't have that, despite being in the root role. (From my understanding of the documentation on built-in roles, a user with the root role should be able to backup all databases on the instance.)
When I try to run mongodump, I get this error:
root@mongo-db1:/srv/mongo# mongodump --username=rcroot --password="secret" --out=/var/backups/20200925
2020-09-26T05:40:20.138+0000 Failed: error counting config.system.indexBuilds: not authorized on config to execute command { count: "system.indexBuilds", query: {}, $readPreference: { mode: "secondaryPreferred" }, $db: "config" }
So apparently my user doesn't have access to config. Here's my user:
rs0:PRIMARY> db.getUser("rcroot")
{
"_id" : "admin.rcroot",
"userId" : UUID("81fc86ff-6d12-4d23-83ab-7fc2591516a2"),
"user" : "rcroot",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "root",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
I get similar errors to the above if I log in to the mongo shell with my root user and try to access anything in the config database. I do have authentication enabled, as I am starting mongod with the --auth flag:
mongod --auth --replSet rs0 --keyFile /data/db/keyfile --enableMajorityReadConcern false
So my question is: what do I need to do to grant this user true root access to all databases on my mongo instance?
Best Answer
It turns out this was caused by a version mismatch between the
mongodumpexecutable and themongodserver. (I was runningmongodwithin a docker container, and I was trying to do backups from the host outside the container which had a different version of the tools installed.)When I switched to the
mongodumpversion that shipped with the server version, it worked fine.