Overview

Unlike other databases, MongoDB can be started without any authentication, meaning that anyone can connect from outside. To limit that and enable authentication, we need to do two things:

  1. Create an all-powerful user
  2. Enable authentication

Create an All-Powerful User

The user creation is rather simple in Mongo as you can see below:

[root@lpara ~]# mongo --port 9005
MongoDB shell version: 2.6.12
connecting to: 127.0.0.1:9005/test
> use admin
switched to db admin
> db.createUser(
...   {
...     user: "adminDBA",
...     pwd: "password123",
...     roles: [
... { role: "userAdminAnyDatabase", db: "admin" },
... { role: "root", db: "admin" },
... { role: "dbOwner", db: "admin" },
... { role: "userAdmin", db: "admin" }]
...   }
... )
Successfully added user: {
        "user" : "adminDBA",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                },
                {
                        "role" : "root",
                        "db" : "admin"
                },
                {
                        "role" : "dbOwner",
                        "db" : "admin"
                },
                {
                        "role" : "userAdmin",
                        "db" : "admin"
                }
        ]
}
>
> show users
{
        "_id" : "admin.adminDBA",
        "user" : "adminDBA",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                },
                {
                        "role" : "root",
                        "db" : "admin"
                },
                {
                        "role" : "dbOwner",
                        "db" : "admin"
                },
                {
                        "role" : "userAdmin",
                        "db" : "admin"
                }
        ]
}
>
bye

This command creates a user called adminDBA in the admin database (important) and grants it all rights.

Enable Authentication

Authentication in Mongo is disabled by default, meaning that everyone who has access to the server can connect to the database. How authentication is enabled depends on the version.

To enable authentication on version 2.6 or earlier (<= 2.6), start Mongo in a special way, as follows:

For Version 2.6 or less

Stop
> db.shutdownServer()
2018-03-21T05:44:57.403+0100 DBClientCursor::init call() failed
server should be down...
2018-03-21T05:44:57.417+0100 trying reconnect to 127.0.0.1:9005 (127.0.0.1) failed
2018-03-21T05:44:57.417+0100 warning: Failed to connect to 127.0.0.1:9005, reason: errno:111 Connection refused
2018-03-21T05:44:57.417+0100 reconnect 127.0.0.1:9005 (127.0.0.1) failed failed couldn't connect to server 127.0.0.1:9005 (127.0.0.1), connection attempt failed
>
bye
Start
[root@lpara ~]# mongod --auth -f /etc/mongod.conf -fork
about to fork child process, waiting until server is ready for connections.
forked process: 3931
child process started successfully, parent exiting

Or you can enable it in the configuration file:

auth = true

For versions 2.8 or higher

To enable authentication on versions later than 2.6, you can edit the /etc/mongod.conf file as follows:

security:
  authorization: "enabled"
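
The two configuration styles above can be checked with a small script. This is an added example, not part of the original page: it reads a mongod configuration file and reports whether the file turns authentication on, using a line-oriented check rather than a full YAML parser. The function name mongod_auth_status and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a mongod config file enable authentication?
# Handles both styles shown above; line-oriented, not a full YAML parser.
# mongod_auth_status is a hypothetical helper name.

mongod_auth_status() {
    # $1: path to a mongod configuration file; prints "enabled" or "disabled"
    awk '
        { sub(/[ \t]*#.*$/, "") }            # strip comments
        /^[ \t]*$/ { next }                   # skip blank lines
        # Legacy key = value style (2.6 or less): auth = true
        /^[ \t]*auth[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (tolower(v) == "true") found = 1
            next
        }
        # YAML style: remember whether we are inside the top-level security: block
        /^[^ \t]/ { in_sec = ($0 ~ /^security:[ \t]*$/); next }
        in_sec && /^[ \t]+authorization:/ {
            v = $0; sub(/^[^:]*:[ \t]*/, "", v); gsub(/["'\'' \t]/, "", v)
            if (v == "enabled") found = 1
        }
        END { print (found ? "enabled" : "disabled") }
    ' "$1"
}

# Constructed sample files: one per style, plus one with authentication off.
demo_dir=$(mktemp -d)
printf 'port = 9005\nauth = true\n' > "$demo_dir/legacy.conf"
printf 'net:\n  port: 9005\nsecurity:\n  authorization: "enabled"\n' > "$demo_dir/yaml.conf"
printf 'net:\n  port: 9005\n#security:\n#  authorization: "enabled"\n' > "$demo_dir/open.conf"

for name in legacy yaml open; do
    printf '%-6s %s\n' "$name" "$(mongod_auth_status "$demo_dir/$name.conf")"
done
rm -rf "$demo_dir"
```

A server started with --auth on the command line has authentication on regardless of the file, so this check covers the configuration file only.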

Connection

In order to connect, we have to enter the username and password as follows:

[root@lpara ~]# mongo admin -u adminDBA -p password123 --port 9005
MongoDB shell version: 2.6.12
connecting to: 127.0.0.1:9005/admin
> use admin
switched to db admin
> show users
{
        "_id" : "admin.adminDBA",
        "user" : "adminDBA",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                },
                {
                        "role" : "root",
                        "db" : "admin"
                },
                {
                        "role" : "dbOwner",
                        "db" : "admin"
                },
                {
                        "role" : "userAdmin",
                        "db" : "admin"
                }
        ]
}
>