snippetMinor
How to setup authentication for connections on MongoDB?
Viewed 0 times
mongodbauthenticationsetupforhowconnections
Problem
How to configure authentication for MongoDB when using mongo Shell or any other sort of client?
Solution
Here is a complete solution, including creation of a "super user", capable to access any resources and perform any operation.
Notice
-
First: the first access to MongoDB is made without authentication (
-
Second: the configuration file of MongoDB may differ, depending on which version are you using (3.x: mongod.conf / 2.x: mongodb.conf)
Creating User
Verifying User Creation and Authentication
Enabling Authentication
check which config file is using MongoDB
MongoDB 3.x
MongoDB 2.x
Restart MongoDB (SysV script)
Connecting via Mongo Shell
Notice: you can just hit
For dropping a user:
References:
Notice
-
First: the first access to MongoDB is made without authentication (
$ mongo). -
Second: the configuration file of MongoDB may differ, depending on which version are you using (3.x: mongod.conf / 2.x: mongodb.conf)
Creating User
> use admin
switched to db admin
> db.createUser( {user:"mongo", pwd:"mongo", roles:["root"]} )
Successfully added user: { "user" : "mongo", "roles" : [ "root" ] }Verifying User Creation and Authentication
> db.getUser("mongo")
{
"_id" : "admin.mongo",
"user" : "mongo",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> db.auth("mongo","mongo")
1Enabling Authentication
check which config file is using MongoDB
$ ps aux | grep mongo
mongodb 12583 0.5 3.4 2381948 281140 ? Sl 18:34 0:06 /usr/bin/mongod --config /etc/mongod.confMongoDB 3.x
$ grep -A 1 security /etc/mongod.conf
security:
authorization: enabledMongoDB 2.x
$ grep -B 2 auth=True /etc/mongodb.conf
# Turn on/off security. Off is currently the default
#noauth = true
auth=TrueRestart MongoDB (SysV script)
$ /etc/init.d/mongodb restartConnecting via Mongo Shell
$ mongo -u mongo -p --authenticationDatabase admin
MongoDB shell version v3.4.3
Enter password: **********
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.3
> show dbs
admin 0.078GB
android 0.078GB
blog 0.078GB
games 0.078GB
school 0.078GBNotice: you can just hit
mongo and open the Mongo Shell, but it will not let you perform any action, due to the fact that you were not previously authenticated.$ mongo
MongoDB shell version v3.4.3
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.3
> show dbs
2017-10-03T19:04:55.953+0000 E QUERY [thread1] Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1
shellHelper.show@src/mongo/shell/utils.js:761:19
shellHelper@src/mongo/shell/utils.js:651:15
@(shellhelp2):1:1
>For dropping a user:
> use admin
> db.dropUser("myuser")References:
- https://docs.mongodb.com/manual/tutorial/enable-authentication/
- https://docs.mongodb.com/manual/reference/configuration-options/
- https://docs.mongodb.com/manual/core/security-built-in-roles/
Code Snippets
> use admin
switched to db admin
> db.createUser( {user:"mongo", pwd:"mongo", roles:["root"]} )
Successfully added user: { "user" : "mongo", "roles" : [ "root" ] }> db.getUser("mongo")
{
"_id" : "admin.mongo",
"user" : "mongo",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> db.auth("mongo","mongo")
1$ ps aux | grep mongo
mongodb 12583 0.5 3.4 2381948 281140 ? Sl 18:34 0:06 /usr/bin/mongod --config /etc/mongod.conf$ grep -A 1 security /etc/mongod.conf
security:
authorization: enabled$ grep -B 2 auth=True /etc/mongodb.conf
# Turn on/off security. Off is currently the default
#noauth = true
auth=TrueContext
StackExchange Database Administrators Q#187563, answer score: 5
Revisions (0)
No revisions yet.