Mongodb enable authentication (Enable Access Control)
Hi Folks,
In the context of databases, authentication acquires one more dimension because it may happen at different levels. It may be performed by the database itself, or the setup may be changed to allow either the operating system, or some other external method, to authenticate users.
Usually most of the databases like MySQL, MS SQL, Postgres, etc. comes with basic level of authentication. But in case of MongoDB the same cannot be said. MongoDB comes without any default authentication mechanisms. This provides restriction free access to all the users who can access any database or any data within it. This in trun raises security concerns.
There is a way provided to set up username and passwod for accessing the MongoDB in the official documentation. But the details provided are not clear enough to re-produce the same.
In this blog, we are going to see an elaborate step wise description on how to enable authentication for the accessing the MongoDB. The details specified below are for MongoDB 3.X version.
1. Start MongoDB without access control. (No need, if service already running)
$ mongod --port 27017 --dbpath /data/db12. Connect to the instance
$ mongo --port 270173. Create the user administrator.
Add a user with the root role. For example, the following creates the user superAdmin on the admin database:
$ use admin
$ db.createUser(
{
user: "superAdmin",
pwd: "admin123",
roles: [ { role: "root", db: "admin" } ]
})4. Re-start the MongoDB instance with access control
Add the security.authorization setting to the config file
ubuntu: $ sudo vi /etc/mongod.conf
osx with brew version: $ sudo vi /usr/local/etc/mongod.confIt may look like this
systemLog:
destination: file
path: /usr/local/var/log/mongodb/mongo.log
logAppend: true
storage:
dbPath: /usr/local/var/mongodb
net:
bindIp: 127.0.0.1
security:
authorization: enabledRestart mongodb
ubuntu: $ sudo service mongod restart
osx with brew version: $ brew services restart mongodb5. Connect to database instance with superAdmin access
$ mongo --port 27017 -u "superAdmin" -p "admin123" --authenticationDatabase "admin"6. Create user access (readWrite) for specific database
$ mongo --port 27017 -u "superAdmin" -p "admin123" --authenticationDatabase "admin"
$ use myAppDb
$ db.createUser(
{
user: "myAppDbUser",
pwd: "myApp123",
roles: [ "readWrite"]
})7. Try Connecting to the specific database with limited access
$ mongo --port 27017 -u "myAppDbUser" -p "myApp123" --authenticationDatabase "myAppDb"More user roles here Build in Roles
