======Overview======
Unlike other databases, MongoDB can be started without any authentication, meaning that anyone can connect from outside.
To limit that and enable authentication, we have to do two things:
  - Create an all-powerful user
  - Enable authentication
=====Create all powerful User=====
The user creation is rather simple in Mongo as you can see below:
<code>
[root@lpara ~]# mongo --port 9005
MongoDB shell version: 2.6.12
connecting to: 127.0.0.1:9005/test
> use admin
switched to db admin
> db.createUser(
...   {
...     user: "adminDBA",
...     pwd: "password123",
...     roles: [
...       { role: "userAdminAnyDatabase", db: "admin" },
...       { role: "root", db: "admin" },
...       { role: "dbOwner", db: "admin" },
...       { role: "userAdmin", db: "admin" }]
...   }
... )
Successfully added user: {
    "user" : "adminDBA",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "root",
            "db" : "admin"
        },
        {
            "role" : "dbOwner",
            "db" : "admin"
        },
        {
            "role" : "userAdmin",
            "db" : "admin"
        }
    ]
}
>
> show users
{
    "_id" : "admin.adminDBA",
    "user" : "adminDBA",
    "db" : "admin",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "root",
            "db" : "admin"
        },
        {
            "role" : "dbOwner",
            "db" : "admin"
        },
        {
            "role" : "userAdmin",
            "db" : "admin"
        }
    ]
}
>
bye
</code>
This command creates a user called adminDBA in the admin database (this is important) and grants it all rights.
=====Enable Authentication=====
Authentication in MongoDB is disabled by default, meaning that everyone who has access to the server can connect to the database.
How authentication is enabled depends on the version.
====For Version 2.6 or less====
For versions up to and including 2.6, stop the server and start it again in a special way, as follows:
===Stop===
<code>
> db.shutdownServer()
2018-03-21T05:44:57.403+0100 DBClientCursor::init call() failed
server should be down...
2018-03-21T05:44:57.417+0100 trying reconnect to 127.0.0.1:9005 (127.0.0.1) failed
2018-03-21T05:44:57.417+0100 warning: Failed to connect to 127.0.0.1:9005, reason: errno:111 Connection refused
2018-03-21T05:44:57.417+0100 reconnect 127.0.0.1:9005 (127.0.0.1) failed failed couldn't connect to server 127.0.0.1:9005 (127.0.0.1), connection attempt failed
>
bye
</code>
===Start===
<code>
[root@lpara ~]# mongod --auth -f /etc/mongod.conf -fork
about to fork child process, waiting until server is ready for connections.
forked process: 3931
child process started successfully, parent exiting
</code>
Or you can enable it in the configuration file:
<code>
auth = true
</code>
====For versions 2.8 or higher====
To enable authentication on versions above 2.6, edit the /etc/mongod.conf file as follows:
<code>
security:
  authorization: "enabled"
</code>
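A quick check that a configuration file really turns authentication on, covering both formats shown above. This is an added example, not part of the original page; the function name mongod_conf_auth and the sample configuration files are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report whether a mongod
# configuration file turns authentication on. Covers both formats above.

# Returns 0 if the file enables authentication, 1 otherwise.
mongod_conf_auth() {
    awk '
        { sub(/#.*/, ""); gsub(/"/, "") }      # drop comments and double quotes
        /^[ \t]*$/ { next }                    # skip blank lines
        # Legacy key = value format (2.6 and older): auth = true
        /^auth[ \t]*=[ \t]*true[ \t]*$/ { found = 1; next }
        # YAML format: a top-level key opens or closes the security: block
        /^[^ \t]/ { in_security = ($0 ~ /^security:[ \t]*$/); next }
        # Indented key inside security: -> authorization: enabled
        in_security && /^[ \t]+authorization:[ \t]*enabled[ \t]*$/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Constructed sample configs (file names and contents are illustrative only).
tmp=$(mktemp -d)
printf 'port = 9005\nauth = true\n' > "$tmp/legacy_on.conf"
printf 'port = 9005\n#auth = true\n' > "$tmp/legacy_off.conf"
printf 'net:\n  port: 9005\nsecurity:\n  authorization: "enabled"\n' > "$tmp/yaml_on.conf"
printf 'security:\n  authorization: disabled\nnet:\n  port: 9005\n' > "$tmp/yaml_off.conf"
# "authorization" under the wrong parent key must not count as enabled
printf 'net:\n  authorization: enabled\n' > "$tmp/yaml_misplaced.conf"

for f in "$tmp"/*.conf; do
    if mongod_conf_auth "$f"; then state="auth ENABLED"; else state="auth NOT enabled"; fi
    printf '%-22s %s\n' "$(basename "$f")" "$state"
done
```

The check only reads the file; a mongod started with --auth on the command line enforces authentication regardless of what the file says.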
=====Connection=====
In order to connect, we have to enter the username and password as follows:
<code>
[root@lpara ~]# mongo admin -u adminDBA -p password123 --port 9005
MongoDB shell version: 2.6.12
connecting to: 127.0.0.1:9005/admin
> use admin
switched to db admin
> show users
{
    "_id" : "admin.adminDBA",
    "user" : "adminDBA",
    "db" : "admin",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "root",
            "db" : "admin"
        },
        {
            "role" : "dbOwner",
            "db" : "admin"
        },
        {
            "role" : "userAdmin",
            "db" : "admin"
        }
    ]
}
>
</code>