MongoDB: set user/password to access to db

Question

I'm trying to set password for mongodb to prevent access to db with empty login and pass (set by default).

I'm statring mongo server:

sudo ./mongod

Starting client:

./mongo

Setting password:

use admin
db.addUser("root", "root")
exit

The output is:

MongoDB shell version: 2.2.0
connecting to: test
> use admin
switched to db admin
> db.addUser("root", "root")
{
    "user" : "root",
    "readOnly" : false,
    "pwd" : "2a8025f0885adad5a8ce0044070032b3",
    "_id" : ObjectId("50c90b94e28c41a388104f64")
}
> exit

Hoever, wheh I try to auth with empty credentials (I use mViever admin UI), it still works. Otherwise, access with root/root is not avialable. What I'm doing wrong?

Also tried to start mongo server with -auth parameter, the same result:

./mongod -auth

UPD: After starting with -auth parameter can't login with any pass. Getting:

Thu Dec 13 03:27:38 uncaught exception: error {
    "$err" : "unauthorized db:admin ns:admin.system.users lock type:1 client:127.0.0.1",
    "code" : 10057
}

Update: I dont know what's goin on...

> db.auth("root","root");
1
> ^C
bye

It can login. Let's restart ./mongod --auth and ./mongo:

MacBook-Pro-Ilya:bin ilyarusanen$ ./mongo
MongoDB shell version: 2.2.2
connecting to: test
> db.auth("root","root")
Error: { errmsg: "auth fails", ok: 0.0 }
0
> db.test.insert({"yeah":"2342"})
Fri Dec 14 08:52:05 uncaught exception: getlasterror failed: { "errmsg" : "need to login", "ok" : 0 }
> use admin
switched to db admin
> db.addUser("root","root")
Fri Dec 14 08:52:14 uncaught exception: error {
    "$err" : "unauthorized db:admin ns:admin.system.users lock type:1 client:127.0.0.1",
    "code" : 10057
}
> db.auth("root","root")
1

Why at first it can login? Why after restarting mongo is not able to login? And why after FAILED attempt to addUser, it becomes able to login? Thanks.

UPDATE2: MongoHub seems to auth ok. However, from NodeJS I still can't login: I use such code:

mongo_db.open(function(err,data){
  if(data){
    data.authenticate("root", "root",function(err2,data2){
         if(data2){
             console.log("Database opened");
         }
         else{
             console.log(err2);
         }
    });
  } else {
       console.log(err);
  }
});

And I get:

{ [MongoError: auth fails] name: 'MongoError', errmsg: 'auth fails', ok: 0 }

But mention, MongoHub with same credentials works fine.

Answer 1

From your comment you mention that you are using mViewer. Version 0.9.1 of mViewer does not support authentication. According to this issue on the mViewer GitHub, this is resolved in version 0.9.2, which was targeted for release in Oct.

Before starting the node with authentication, log on to the node and add a user. Then start the node with --auth and connect to the shell without mViewer.

At this point you can connect to the admin database and authenticate your admin user:

use admin
db.auth('root', 'root')

Since you set up an admin user, which will have access to all the databases, you need to authenticate against the admin database. Once you have done this you will have access to all the databases. You will also be able to create new users on any database, or create new read only users for all the databases.

If you create a new user that has access to only one database, that user would need to use that database and db.auth(name, pass) against it.

If you create a new user that has read only access to all databases, they would use admin and then db.auth(name, pass) to gain their read only access to all databases

You can find more information on setting up authentication here and more information about setting up users here

Note: When you start a node without --auth then no authentication is enabled. This means you can connect with the shell and db.auth('root','root') but it won't do anything as far as access is concerned. MongoDB will not deny access to the databases without --auth command line option (--keyFile in sharded setups or replica sets)