Menu
I want to set up user name & password authentication for my MongoDB instance, so that any remote access will ask for the user name & password. I tried the tutorial from the MongoDB site and did following:
use admin db.addUser('theadmin', '12345'); db.auth('theadmin','12345'); After that, I exited and ran mongo again. And I don't need password to access it. Even if I connect to the database remotely, I am not prompted for user name & password.
UPDATE Here is the solution I ended up using
1) At the mongo command line, set the administrator: use admin; db.addUser('admin','123456'); 2) Shutdown the server and exit db.shutdownServer(); exit 3) Restart mongod with --auth $ sudo ./mongodb/bin/mongod --auth --dbpath /mnt/db/ 4) Run mongo again in 2 ways: i) run mongo first then login: $ ./mongodb/bin/mongo localhost:27017 use admin db.auth('admin','123456'); ii) run & login to mongo in command line. $ ./mongodb/bin/mongo localhost:27017/admin -u admin -p 123456 The username & password will work the same way for mongodump and mongoexport.
545
If SSL Connection is Disabledusername — the admin user name that you created to log in to the MongoDB Server. password — the admin password used to log in to the MongoDB Server. database_name — the name of the database that includes the authentication credentials of the created admin user.
So to create an administrative user first we use the admin database. In this database, we create an admin user using the createUser() method. In this method, we set the user name is “hello_admin”, password is “hello123” and the roles of the admin user are readWrite, config, clusterAdmin.
To restrict MongoDB access by enabling authentication In the mongoconfiguration, set auth = true and restart the mongo service.
You need to start mongod with the --auth option after setting up the user.
From the MongoDB Site:
Run the database (mongod process) with the
--authoption to enable security. You must either have added a user to the admin db before starting the server with--auth, or add the first user from the localhost interface.
MongoDB Authentication
106
Wow so many complicated/confusing answers here.
This is as of v3.4.
Start MongoDB without access control.
mongod --dbpath /data/db
Connect to the instance.
mongo
Create the user.
use some_db db.createUser( { user: "myNormalUser", pwd: "xyz123", roles: [ { role: "readWrite", db: "some_db" }, { role: "read", db: "some_other_db" } ] } )
Stop the MongoDB instance and start it again with access control.
mongod --auth --dbpath /data/db
Connect and authenticate as the user.
use some_db db.auth("myNormalUser", "xyz123") db.foo.insert({x:1}) use some_other_db db.foo.find({})
It's really simple. I'll dumb the following down https://docs.mongodb.com/manual/tutorial/enable-authentication/
If you want to learn more about what the roles actually do read more here: https://docs.mongodb.com/manual/reference/built-in-roles/
Start MongoDB without access control.
mongod --dbpath /data/db
Connect to the instance.
mongo
Create the user administrator. The following creates a user administrator in the admin authentication database. The user is a dbOwner over the some_db database and NOT over the admin database, this is important to remember.
use admin db.createUser( { user: "myDbOwner", pwd: "abc123", roles: [ { role: "dbOwner", db: "some_db" } ] } )
Or if you want to create an admin which is admin over any database:
use admin db.createUser( { user: "myUserAdmin", pwd: "abc123", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } ) Stop the MongoDB instance and start it again with access control.
mongod --auth --dbpath /data/db
Connect and authenticate as the user administrator towards the admin authentication database, NOT towards the some_db authentication database. The user administrator was created in the admin authentication database, the user does not exist in the some_db authentication database.
use admin db.auth("myDbOwner", "abc123")
You are now authenticated as a dbOwner over the some_db database. So now if you wish to read/write/do stuff directly towards the some_db database you can change to it.
use some_db //...do stuff like db.foo.insert({x:1}) // remember that the user administrator had dbOwner rights so the user may write/read, if you create a user with userAdmin they will not be able to read/write for example. More on roles: https://docs.mongodb.com/manual/reference/built-in-roles/
If you wish to make additional users which aren't user administrators and which are just normal users continue reading below.
Create a normal user. This user will be created in the some_db authentication database down below.
use some_db db.createUser( { user: "myNormalUser", pwd: "xyz123", roles: [ { role: "readWrite", db: "some_db" }, { role: "read", db: "some_other_db" } ] } )
Exit the mongo shell, re-connect, authenticate as the user.
use some_db db.auth("myNormalUser", "xyz123") db.foo.insert({x:1}) use some_other_db db.foo.find({})
Last but not least due to users not reading the commands I posted correctly regarding the --auth flag, you can set this value in the configuration file for mongoDB if you do not wish to set it as a flag.
31
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
