Creating regular users in CouchDB

Question

How can I create regular, non-admin users in CouchDB?

Answer 1

First you put the user in _users database. The ID of the document must be org.couchdb.user:username, e.g.

With CouchDB 1.2.0 or later use this:

{     "_id": "org.couchdb.user:dbreader",     "name": "dbreader",     "type": "user",     "roles": [],     "password": "plaintext_password" } 

CouchDB will hash & salt the password for you on the server side and save the values in the fields password_sha and salt (see below).

With CouchDB < 1.2.0 the user document needs to look like this:

{     "_id": "org.couchdb.user:dbreader",     "name": "dbreader",     "type": "user",     "roles": [],     "salt": "54935938852dd34f92c672ab31e397cedaf0946d",     "password_sha": "42253ea4461a604f967813aaff90b139d7018806" } 

Note that CouchDB 1.3.0 and later will use PBKDF2 instead of aha & salt for hashing the password.

Then you can create per database authentication by creating document with id _security in specific database which is not versioned, e.g.

{     "admins": {         "names": ["dbadmin"],         "roles": ["editor"]     },     "readers": {         "names": ["dbreader"],         "roles": ["reader"]     } } 

This means that there are 2 users in _users besides the admin dbadmin and dbreader. That should do in case you are too lazy to read the document that has already been suggested.

Answer 2

The CouchDB documentation has a short article about the security features of CouchDB, and it includes a section on how to create a new user.