Overview
Unlike other databases, MongoDB can be started without any authentication, which means that anyone can connect from outside. To limit that and enable authentication, we need to do two things:
- Create an all-powerful user
- Enable authentication
Create an all-powerful user
Creating a user in Mongo is simple, as you can see below:
    [root@lpara ~]# mongo --port 9005
    MongoDB shell version: 2.6.12
    connecting to: 127.0.0.1:9005/test
    > use admin
    switched to db admin
    > db.createUser(
    ... {
    ...   user: "adminDBA",
    ...   pwd: "password123",
    ...   roles: [
    ...     { role: "userAdminAnyDatabase", db: "admin" },
    ...     { role: "root", db: "admin" },
    ...     { role: "dbOwner", db: "admin" },
    ...     { role: "userAdmin", db: "admin" }]
    ... }
    ... )
    Successfully added user: {
        "user" : "adminDBA",
        "roles" : [
            {
                "role" : "userAdminAnyDatabase",
                "db" : "admin"
            },
            {
                "role" : "root",
                "db" : "admin"
            },
            {
                "role" : "dbOwner",
                "db" : "admin"
            },
            {
                "role" : "userAdmin",
                "db" : "admin"
            }
        ]
    }
    >
    > show users
    {
        "_id" : "admin.adminDBA",
        "user" : "adminDBA",
        "db" : "admin",
        "roles" : [
            {
                "role" : "userAdminAnyDatabase",
                "db" : "admin"
            },
            {
                "role" : "root",
                "db" : "admin"
            },
            {
                "role" : "dbOwner",
                "db" : "admin"
            },
            {
                "role" : "userAdmin",
                "db" : "admin"
            }
        ]
    }
    > bye
This command creates a user called adminDBA in the admin database (this is important) and grants it all rights.
Enable Authentication
Authentication in Mongo is disabled by default, meaning that everyone who has access to the server can connect to the database. How to enable authentication depends on the version.
For version 2.6 or lower
To enable authentication in version 2.6 or lower, start Mongo in a special way, as follows:
===Stop===
    > db.shutdownServer()
    2018-03-21T05:44:57.403+0100 DBClientCursor::init call() failed
    server should be down...
    2018-03-21T05:44:57.417+0100 trying reconnect to 127.0.0.1:9005 (127.0.0.1) failed
    2018-03-21T05:44:57.417+0100 warning: Failed to connect to 127.0.0.1:9005, reason: errno:111 Connection refused
    2018-03-21T05:44:57.417+0100 reconnect 127.0.0.1:9005 (127.0.0.1) failed failed couldn't connect to server 127.0.0.1:9005 (127.0.0.1), connection attempt failed
    > bye
===Start===
    [root@lpara ~]# mongod --auth -f /etc/mongod.conf -fork
    about to fork child process, waiting until server is ready for connections.
    forked process: 3931
    child process started successfully, parent exiting
Or you can enable it in the configuration file:
    auth = true
For versions 2.8 or higher
To enable authentication in versions above 2.6, edit the /etc/mongod.conf file as follows:
    security:
      authorization: "enabled"
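One way to check which of the two settings above is actually present in a configuration file. This is an added example, not part of the original page; the function name mongod_auth_status and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a mongod configuration file turns
# authentication on. Covers both formats shown on this page:
#   legacy key = value :  auth = true
#   YAML               :  security: / authorization: "enabled"

mongod_auth_status() {   # $1 = config path; prints "enabled" or "disabled"
    awk '
        { sub(/[ \t]*#.*$/, "") }        # drop comments, so "#auth = true" is ignored
        /^[ \t]*$/ { next }              # skip lines that are now empty
        # Legacy format: the anchored match keeps "noauth = true" from counting.
        /^[ \t]*auth[ \t]*=[ \t]*true[ \t]*$/ { found = 1 }
        # YAML format: every top-level key opens a new block; remember
        # whether the current block is "security:".
        /^[^ \t]/ { in_sec = ($0 ~ /^security:[ \t]*$/) }
        # Only an indented authorization key inside security: counts.
        in_sec && /^[ \t]+authorization:[ \t]*"?enabled"?[ \t]*$/ { found = 1 }
        END { print (found ? "enabled" : "disabled") }
    ' "$1"
}

# Constructed sample configs (assumptions, not taken from a real server).
demo_dir=$(mktemp -d)
printf 'port = 9005\nauth = true\n'  > "$demo_dir/legacy_on.conf"
printf 'port = 9005\n#auth = true\n' > "$demo_dir/legacy_off.conf"
printf 'net:\n  port: 9005\nsecurity:\n  authorization: "enabled"\n' \
    > "$demo_dir/yaml_on.conf"
printf 'security:\n  authorization: disabled\nnet:\n  port: 9005\n' \
    > "$demo_dir/yaml_off.conf"

for f in "$demo_dir"/*.conf; do
    printf '%s: %s\n' "$(basename "$f")" "$(mongod_auth_status "$f")"
done
```

The check only reads the file, so a server started with --auth on the command line, as in the 2.6 example above, still reports "disabled" here.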
Connection
To connect, we have to enter the username and password as follows:
    [root@lpara ~]# mongo admin -u adminDBA -p password123 --port 9005
    MongoDB shell version: 2.6.12
    connecting to: 127.0.0.1:9005/admin
    > use admin
    switched to db admin
    > show users
    {
        "_id" : "admin.adminDBA",
        "user" : "adminDBA",
        "db" : "admin",
        "roles" : [
            {
                "role" : "userAdminAnyDatabase",
                "db" : "admin"
            },
            {
                "role" : "root",
                "db" : "admin"
            },
            {
                "role" : "dbOwner",
                "db" : "admin"
            },
            {
                "role" : "userAdmin",
                "db" : "admin"
            }
        ]
    }
    >