How to enable authentication in MongoDB?

By default MongoDB does not require username and password to access the data. This is good for development environment, but on production setup we should enable authentication to enhance security.

Follow below steps to setup authentication/access control in MongoDB. These steps are performed on Ubuntu machine but should work on any Linux setup.

1. Start MongoDB without access control enabled
sudo service mongod start

2. Connect to MongoDB instance
mongo --port 27017

3. Switch to 'admin' database
user admin;

4. Create admin user
   
    This creates a new user in 'admin' database with role as 'userAdminAnyDatabase', which allows user to grant any user any privilege on any database.
db.createUser(

  {

    user: "<user-admin>",

    pwd: "<user-admin-password>",

    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]

  }

)

5. Disconnect mongo shell and stop MongoDB.
sudo service mongod stop

6. Edit mongod.conf file to enable authentication.

    Open mongod.conf file in editor (My preference vim)
sudo vi /etc/mongod.conf

7. Add following lines to enable authentication.
security:

  authorization: enabled

8. Restart MongoDB instance.
sudo service mongod restart

9. Connect and authenticate as the user administrator.
mongo --port 27017 -u "<user-admin>" -p "<user-admin-password>" --authenticationDatabase "admin"

10. Create user for application database.
use <app-db>;

db.createUser(

  {

    user: "<app-db-user>",

    pwd: "<app-db-password>",

    roles: [ { role: "readWrite", db: "<app-db>" } ]

  }

)

11. Connect and authenticate to application database.
mongo --port 27017 -u "<app-dv-user>" -p "<app-db-password>" --authenticationDatabase "<app-db>"

*Note: To authentication after connecting to mongo shell.
use <app-db>;

db.auth("<app-db-user>", "<app-db-password>");

0 comments:

Post a Comment