I want to set up user name & password authentication for my MongoDB instance, so that any remote access will ask for the user name & password. I tried the tutorial from the MongoDB site and did following:
use admin
db.addUser('theadmin', '12345');
db.auth('theadmin','12345');
After that, I exited and ran mongo again. And I don't need password to access it. Even if I connect to the database remotely, I am not prompted for user name & password.
UPDATE Here is the solution I ended up using
1) At the mongo command line, set the administrator:
use admin;
db.addUser('admin','123456');
2) Shutdown the server and exit
db.shutdownServer();
exit
3) Restart mongod with --auth
$ sudo ./mongodb/bin/mongod --auth --dbpath /mnt/db/
4) Run mongo again in 2 ways:
i) run mongo first then login:
$ ./mongodb/bin/mongo localhost:27017
use admin
db.auth('admin','123456');
ii) run & login to mongo in command line.
$ ./mongodb/bin/mongo localhost:27017/admin -u admin -p 123456
The username & password will work the same way for mongodump
and mongoexport
.
This question is related to
authentication
mongodb
User creation with password for a specific database to secure database access :
use dbName
db.createUser(
{
user: "dbUser",
pwd: "dbPassword",
roles: [ "readWrite", "dbAdmin" ]
}
)
First run mongoDB on terminal using
mongod
now run mongo shell use following commands
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
Re-start the MongoDB instance with access control.
mongod --auth
Now authenticate yourself from the command line using
mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
I read it from
https://docs.mongodb.com/manual/tutorial/enable-authentication/
use admin
db.createUser(
{
user: "admin",
pwd: "admin123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
}
)
mongod --auth
in case of linux you can edit the /etc/mongod.conf
file to add security.authorization : enabled
and then restart the mongd servicemongo -u "admin" -p "admin123" --authenticationDatabase "admin"
. That's itYou can check out this post to go into more details and to learn connecting to it using mongoose.
First, un-comment the line that starts with #auth=true
in your mongod configuration file (default path /etc/mongod.conf
). This will enable authentication for mongodb.
Then, restart mongodb : sudo service mongod restart
https://docs.mongodb.com/manual/reference/configuration-options/#security.authorization
Edit the mongo settings file;
sudo nano /etc/mongod.conf
Add the line:
security.authorization : enabled
Restart the service
sudo service mongod restart
Regards
Wow so many complicated/confusing answers here.
This is as of v3.4.
1) Start MongoDB without access control.
mongod --dbpath /data/db
2) Connect to the instance.
mongo
3) Create the user.
use some_db
db.createUser(
{
user: "myNormalUser",
pwd: "xyz123",
roles: [ { role: "readWrite", db: "some_db" },
{ role: "read", db: "some_other_db" } ]
}
)
4) Stop the MongoDB instance and start it again with access control.
mongod --auth --dbpath /data/db
5) Connect and authenticate as the user.
use some_db
db.auth("myNormalUser", "xyz123")
db.foo.insert({x:1})
use some_other_db
db.foo.find({})
It's really simple. I'll dumb the following down https://docs.mongodb.com/manual/tutorial/enable-authentication/
If you want to learn more about what the roles actually do read more here: https://docs.mongodb.com/manual/reference/built-in-roles/
1) Start MongoDB without access control.
mongod --dbpath /data/db
2) Connect to the instance.
mongo
3) Create the user administrator. The following creates a user administrator in the admin
authentication database. The user is a dbOwner
over the some_db
database and NOT over the admin
database, this is important to remember.
use admin
db.createUser(
{
user: "myDbOwner",
pwd: "abc123",
roles: [ { role: "dbOwner", db: "some_db" } ]
}
)
Or if you want to create an admin which is admin over any database:
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
4) Stop the MongoDB instance and start it again with access control.
mongod --auth --dbpath /data/db
5) Connect and authenticate as the user administrator towards the admin
authentication database, NOT towards the some_db
authentication database. The user administrator was created in the admin
authentication database, the user does not exist in the some_db
authentication database.
use admin
db.auth("myDbOwner", "abc123")
You are now authenticated as a dbOwner
over the some_db
database. So now if you wish to read/write/do stuff directly towards the some_db
database you can change to it.
use some_db
//...do stuff like db.foo.insert({x:1})
// remember that the user administrator had dbOwner rights so the user may write/read, if you create a user with userAdmin they will not be able to read/write for example.
More on roles: https://docs.mongodb.com/manual/reference/built-in-roles/
If you wish to make additional users which aren't user administrators and which are just normal users continue reading below.
6) Create a normal user. This user will be created in the some_db
authentication database down below.
use some_db
db.createUser(
{
user: "myNormalUser",
pwd: "xyz123",
roles: [ { role: "readWrite", db: "some_db" },
{ role: "read", db: "some_other_db" } ]
}
)
7) Exit the mongo shell, re-connect, authenticate as the user.
use some_db
db.auth("myNormalUser", "xyz123")
db.foo.insert({x:1})
use some_other_db
db.foo.find({})
The best practice to connect to mongoDB as follow:
After initial installation,
use admin
Then run the following script to create admin user
db.createUser(
{
user: "YourUserName",
pwd: "YourPassword",
roles: [
{ role: "userAdminAnyDatabase", db: "admin" },
{ role: "readWriteAnyDatabase", db: "admin" },
{ role: "dbAdminAnyDatabase", db: "admin" },
{ role: "clusterAdmin", db: "admin" }
]
})
the following script will create the admin user for the DB.
log into the db.admin
using
mongo -u YourUserName -p YourPassword admin
After login, you can create N number of the database with same admin credential or different by repeating the 1 to 3.
This allows you to create different user and password for the different collection you creating in the MongoDB
This answer is for Mongo 3.2.1 Reference
Terminal 1:
$ mongod --auth
Terminal 2:
db.createUser({user:"admin_name", pwd:"1234",roles:["readWrite","dbAdmin"]})
if you want to add without roles (optional):
db.createUser({user:"admin_name", pwd:"1234", roles:[]})
to check if authenticated or not:
db.auth("admin_name", "1234")
it should give you:
1
else :
Error: Authentication failed.
0
You could change /etc/mongod.conf
.
Before
#security:
After
security:
authorization: "enabled"
Then sudo service mongod restart
This is what i did for ubuntu 20.04 and mongodb enterprise 4.4.2:
start mongo shell by typing mongo
in terminal.
use admin database:
use admin
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: passwordPrompt(), // or cleartext password
roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
}
)
etc/mongod.conf
:security:
authorization: enabled
(optional) 6.If you want your user to have root access you can either specify it when creating your user like:
db.createUser(
{
user: "myUserAdmin",
pwd: passwordPrompt(), // or cleartext password
roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
}
)
or you can change user role using:
db.grantRolesToUser('admin', [{ role: 'root', db: 'admin' }])
These steps worked on me:
This is what I did on Ubuntu 18.04:
$ sudo apt install mongodb
$ mongo
> show dbs
> use admin
> db.createUser({ user: "root", pwd: "rootpw", roles: [ "root" ] }) // root user can do anything
> use lefa
> db.lefa.save( {name:"test"} )
> db.lefa.find()
> show dbs
> db.createUser({ user: "lefa", pwd: "lefapw", roles: [ { role: "dbOwner", db: "lefa" } ] }) // admin of a db
> exit
$ sudo vim /etc/mongodb.conf
auth = true
$ sudo systemctl restart mongodb
$ mongo -u "root" -p "rootpw" --authenticationDatabase "admin"
> use admin
> exit
$ mongo -u "lefa" -p "lefapw" --authenticationDatabase "lefa"
> use lefa
> exit
Here is a javascript code to add users.
Start mongod
with --auth = true
Access admin database from mongo shell and pass the javascript file.
mongo admin "Filename.js"
"Filename.js"
// Adding admin user
db.addUser("admin_username", " admin_password");
// Authenticate admin user
db.auth("admin_username ", " admin_password ");
// use database code from java script
db = db.getSiblingDB("newDatabase");
// Adding newDatabase database user
db.addUser("database_username ", " database_ password ");
Now user addition is complete, we can verify accessing the database from mongo shell
You'll need to switch to the database you want the user on (not the admin db) ...
use mydatabase
See this post for more help ... https://web.archive.org/web/20140316031938/http://learnmongo.com/posts/quick-tip-mongodb-users/
Some of the answers are sending mixed signals between using --auth
command line flag or setting config file property.
security:
authorization: enabled
I would like to clarify that aspect. First of all, authentication credentials (ie user/password) in both cases has to be created by executing db.createUser
query on the default admin
database. Once credentials are obtained, there are two ways to enable authentication:
auth
flag is applicable. Start mongod
like: usr/bin/mongod --auth
mongod
like: usr/bin/mongod --config <config file path>
To connect to the mongo shell with authentication:
mongo -u <user> -p <password> --authenticationDatabase admin
--authenticationDatabase
here is the database name where the user was created. All other mongo commands like mongorestore
, mongodump
accept the additional options ie -u <user> -p <password> --authenticationDatabase admin
Refer to https://docs.mongodb.com/manual/tutorial/enable-authentication/ for details.
after you create new user, please don't forget to grant
read/write/root
permission to the user. you can try the
cmd: db.grantRolesToUser('yourNewUsername',[{ role: "root", db: "admin" }])
Source: Stackoverflow.com