Authentication is the most important and fundamental security feature that comes with MongoDB, so you need to make sure you configure it properly. Don't worry: we will take you step by step through enabling authentication on MongoDB. So let's get started.
Usually, all “MongoDB as a Service” providers already enable authentication pre-emptively.
Steps to enable authentication on MongoDB
Start without access control
You need to start a standalone mongod instance without access control. To do so, open a terminal and run the following:
mongod --port 27017 --dbpath /var/lib/mongodb
Connect to the instance
You need to open a new terminal and then connect a mongo shell to the instance:
mongo --port 27017
You can additionally specify command-line options to connect the mongo shell to your deployment, like --host.
User administrator creation
In the admin database, create a user with the userAdminAnyDatabase role from the mongo shell. As required, add additional roles for this user. For example, create the user myUserAdmin in the admin database with the userAdminAnyDatabase role and the readWriteAnyDatabase role.
use admin
db.createUser(
  {
    user: "myUserAdmin",
    pwd: passwordPrompt(),
    roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
  }
)
Restart the MongoDB instance with access control
To restart the MongoDB instance with access control, follow the below steps:
1. Terminate the MongoDB instance. For example, execute the following command from the mongo shell.
db.adminCommand ({ shutdown: 1 })
2. Exit the Mongo shell.
3. Start the mongod with access control enabled.
- Add the --auth command-line option if you're starting mongod from the command line.
mongod --auth --port 27017 --dbpath /var/lib/mongodb
- Add the security.authorization configuration file setting if you start the mongod using a configuration file.
security:
  authorization: enabled
Clients connecting to this instance must authenticate as a MongoDB user. Clients can only perform the actions that their assigned roles allow.
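The following shell script is an added example, not part of the original article: it checks whether a given mongod start-up turns on access control through either of the two switches above, --auth on the command line or security.authorization in the configuration file. The function names and the sample configuration are assumptions made for illustration, and no other mongod options are considered.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Checks only the two switches the page describes: --auth and security.authorization.

# conf_auth_enabled FILE: succeed if FILE sets security.authorization: enabled
conf_auth_enabled() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    /^[^ \t]/ { in_sec = ($0 ~ /^security:[ \t]*(#.*)?$/); next }  # top-level key
    in_sec && /^[ \t]+authorization:/ {          # indented key under security:
      v = $0
      sub(/^[^:]*:[ \t]*/, "", v)                # drop the key
      sub(/[ \t]*(#.*)?$/, "", v)                # drop trailing comment and space
      gsub(/"/, "", v)                           # tolerate a quoted value
      found = (v == "enabled")
    }
    END { exit (found ? 0 : 1) }
  ' "$1"
}

# mongod_auth_enabled ARGS...: succeed if these mongod arguments turn auth on
mongod_auth_enabled() {
  conf=""
  while [ $# -gt 0 ]; do
    case "$1" in
      --auth) return 0 ;;
      --config|-f) [ $# -ge 2 ] || return 1; conf="$2"; shift ;;
      --config=*) conf="${1#--config=}" ;;
    esac
    shift
  done
  [ -n "$conf" ] && [ -r "$conf" ] && conf_auth_enabled "$conf"
}

# Constructed sample: a configuration file with access control enabled.
sample_conf="${TMPDIR:-/tmp}/mongod-auth-example.$$.conf"
printf 'net:\n  port: 27017\nsecurity:\n  authorization: enabled\n' > "$sample_conf"

for args in "--port 27017 --dbpath /var/lib/mongodb" \
            "--auth --port 27017 --dbpath /var/lib/mongodb" \
            "--config $sample_conf"; do
  # Word splitting of $args is intended here.
  if mongod_auth_enabled $args; then echo "ENFORCED: mongod $args"
  else echo "OPEN:     mongod $args"; fi
done
rm -f "$sample_conf"
```

The first invocation is the one from the "Start without access control" step and is reported as OPEN; the other two are reported as ENFORCED.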
Connect and authenticate as the user administrator
Using the mongo shell, you can either:
- Pass in user credentials to connect with authentication, or
- Connect without authentication first, and then authenticate using the db.auth() method.
Authenticate during connection
Start a mongo shell with the following command-line options: -u <username>, -p, and --authenticationDatabase <database>
mongo --port 27017 --authenticationDatabase "admin" -u "myUserAdmin" -p
Enter your password when prompted.
Authenticate after connecting
To connect the mongo shell to the mongod, run the following command:
mongo --port 27017
Switch to the authentication database (in this case, admin) in the mongo shell and authenticate using the db.auth(<username>, <pwd>) method:
use admin
db.auth("myUserAdmin", passwordPrompt())
Enter your password when prompted.
Creating Additional users
Use db.createUser() to create additional users after authenticating as the user administrator. You can assign users either built-in or user-defined roles.
The following procedure creates a user named myTester in the test database, with the readWrite role in the test database and the read role in the reporting database:
use test
db.createUser(
  {
    user: "myTester",
    pwd: passwordPrompt(),
    roles: [ { role: "readWrite", db: "test" }, { role: "read", db: "reporting" } ]
  }
)
Disconnect the mongo shell after creating the additional users.
NOTE: The user's authentication database is the database where you have created the user (in this case, test). Although the user must authenticate to this database, the user can have roles in other databases. In other words, the user's authentication database does not limit the user's privileges.
Hope these steps helped you to enable authentication on MongoDB. If you get stuck in any of these steps, you can get assistance from us.