I want to set up user name & password authentication for my MongoDB instance, so that any remote access will ask for the user name & password. I tried the tutorial from the MongoDB site and did following:
use admin
db.addUser('theadmin', '12345');
db.auth('theadmin','12345');
After that, I exited and ran mongo again. And I don't need password to access it. Even if I connect to the database remotely, I am not prompted for user name & password.
UPDATE Here is the solution I ended up using
1) At the mongo command line, set the administrator:
use admin;
db.addUser('admin','123456');
2) Shutdown the server and exit
db.shutdownServer();
exit
3) Restart mongod with --auth
$ sudo ./mongodb/bin/mongod --auth --dbpath /mnt/db/
4) Run mongo again in 2 ways:
i) run mongo first then login:
$ ./mongodb/bin/mongo localhost:27017
use admin
db.auth('admin','123456');
ii) run & login to mongo in command line.
$ ./mongodb/bin/mongo localhost:27017/admin -u admin -p 123456
The username & password will work the same way for mongodump and mongoexport.
This question is related to
authentication
mongodb
User creation with password for a specific database to secure database access :
use dbName
db.createUser(
{
user: "dbUser",
pwd: "dbPassword",
roles: [ "readWrite", "dbAdmin" ]
}
)
First run mongoDB on terminal using
mongod
now run mongo shell use following commands
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
Re-start the MongoDB instance with access control.
mongod --auth
Now authenticate yourself from the command line using
mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
I read it from
https://docs.mongodb.com/manual/tutorial/enable-authentication/
use admin
db.createUser(
{
user: "admin",
pwd: "admin123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
}
)
mongod --auth in case of linux you can edit the /etc/mongod.conf file to add security.authorization : enabled and then restart the mongd servicemongo -u "admin" -p "admin123" --authenticationDatabase "admin". That's itYou can check out this post to go into more details and to learn connecting to it using mongoose.
First, un-comment the line that starts with #auth=true in your mongod configuration file (default path /etc/mongod.conf). This will enable authentication for mongodb.
Then, restart mongodb : sudo service mongod restart
https://docs.mongodb.com/manual/reference/configuration-options/#security.authorization
Edit the mongo settings file;
sudo nano /etc/mongod.conf
Add the line:
security.authorization : enabled
Restart the service
sudo service mongod restart
Regards
Wow so many complicated/confusing answers here.
This is as of v3.4.
1) Start MongoDB without access control.
mongod --dbpath /data/db
2) Connect to the instance.
mongo
3) Create the user.
use some_db
db.createUser(
{
user: "myNormalUser",
pwd: "xyz123",
roles: [ { role: "readWrite", db: "some_db" },
{ role: "read", db: "some_other_db" } ]
}
)
4) Stop the MongoDB instance and start it again with access control.
mongod --auth --dbpath /data/db
5) Connect and authenticate as the user.
use some_db
db.auth("myNormalUser", "xyz123")
db.foo.insert({x:1})
use some_other_db
db.foo.find({})
It's really simple. I'll dumb the following down https://docs.mongodb.com/manual/tutorial/enable-authentication/
If you want to learn more about what the roles actually do read more here: https://docs.mongodb.com/manual/reference/built-in-roles/
1) Start MongoDB without access control.
mongod --dbpath /data/db
2) Connect to the instance.
mongo
3) Create the user administrator. The following creates a user administrator in the admin authentication database. The user is a dbOwner over the some_db database and NOT over the admin database, this is important to remember.
use admin
db.createUser(
{
user: "myDbOwner",
pwd: "abc123",
roles: [ { role: "dbOwner", db: "some_db" } ]
}
)
Or if you want to create an admin which is admin over any database:
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
4) Stop the MongoDB instance and start it again with access control.
mongod --auth --dbpath /data/db
5) Connect and authenticate as the user administrator towards the admin authentication database, NOT towards the some_db authentication database. The user administrator was created in the admin authentication database, the user does not exist in the some_db authentication database.
use admin
db.auth("myDbOwner", "abc123")
You are now authenticated as a dbOwner over the some_db database. So now if you wish to read/write/do stuff directly towards the some_db database you can change to it.
use some_db
//...do stuff like db.foo.insert({x:1})
// remember that the user administrator had dbOwner rights so the user may write/read, if you create a user with userAdmin they will not be able to read/write for example.
More on roles: https://docs.mongodb.com/manual/reference/built-in-roles/
If you wish to make additional users which aren't user administrators and which are just normal users continue reading below.
6) Create a normal user. This user will be created in the some_db authentication database down below.
use some_db
db.createUser(
{
user: "myNormalUser",
pwd: "xyz123",
roles: [ { role: "readWrite", db: "some_db" },
{ role: "read", db: "some_other_db" } ]
}
)
7) Exit the mongo shell, re-connect, authenticate as the user.
use some_db
db.auth("myNormalUser", "xyz123")
db.foo.insert({x:1})
use some_other_db
db.foo.find({})
The best practice to connect to mongoDB as follow:
After initial installation,
use admin
Then run the following script to create admin user
db.createUser(
{
user: "YourUserName",
pwd: "YourPassword",
roles: [
{ role: "userAdminAnyDatabase", db: "admin" },
{ role: "readWriteAnyDatabase", db: "admin" },
{ role: "dbAdminAnyDatabase", db: "admin" },
{ role: "clusterAdmin", db: "admin" }
]
})
the following script will create the admin user for the DB.
log into the db.admin using
mongo -u YourUserName -p YourPassword admin
After login, you can create N number of the database with same admin credential or different by repeating the 1 to 3.
This allows you to create different user and password for the different collection you creating in the MongoDB
This answer is for Mongo 3.2.1 Reference
Terminal 1:
$ mongod --auth
Terminal 2:
db.createUser({user:"admin_name", pwd:"1234",roles:["readWrite","dbAdmin"]})
if you want to add without roles (optional):
db.createUser({user:"admin_name", pwd:"1234", roles:[]})
to check if authenticated or not:
db.auth("admin_name", "1234")
it should give you:
1
else :
Error: Authentication failed.
0
You could change /etc/mongod.conf.
Before
#security:
After
security:
authorization: "enabled"
Then sudo service mongod restart
This is what i did for ubuntu 20.04 and mongodb enterprise 4.4.2:
start mongo shell by typing mongo in terminal.
use admin database:
use admin
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: passwordPrompt(), // or cleartext password
roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
}
)
etc/mongod.conf:security:
authorization: enabled
(optional) 6.If you want your user to have root access you can either specify it when creating your user like:
db.createUser(
{
user: "myUserAdmin",
pwd: passwordPrompt(), // or cleartext password
roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
}
)
or you can change user role using:
db.grantRolesToUser('admin', [{ role: 'root', db: 'admin' }])
These steps worked on me:
This is what I did on Ubuntu 18.04:
$ sudo apt install mongodb
$ mongo
> show dbs
> use admin
> db.createUser({ user: "root", pwd: "rootpw", roles: [ "root" ] }) // root user can do anything
> use lefa
> db.lefa.save( {name:"test"} )
> db.lefa.find()
> show dbs
> db.createUser({ user: "lefa", pwd: "lefapw", roles: [ { role: "dbOwner", db: "lefa" } ] }) // admin of a db
> exit
$ sudo vim /etc/mongodb.conf
auth = true
$ sudo systemctl restart mongodb
$ mongo -u "root" -p "rootpw" --authenticationDatabase "admin"
> use admin
> exit
$ mongo -u "lefa" -p "lefapw" --authenticationDatabase "lefa"
> use lefa
> exit
Here is a javascript code to add users.
Start mongod with --auth = true
Access admin database from mongo shell and pass the javascript file.
mongo admin "Filename.js"
"Filename.js"
// Adding admin user
db.addUser("admin_username", " admin_password");
// Authenticate admin user
db.auth("admin_username ", " admin_password ");
// use database code from java script
db = db.getSiblingDB("newDatabase");
// Adding newDatabase database user
db.addUser("database_username ", " database_ password ");
Now user addition is complete, we can verify accessing the database from mongo shell
You'll need to switch to the database you want the user on (not the admin db) ...
use mydatabase
See this post for more help ... https://web.archive.org/web/20140316031938/http://learnmongo.com/posts/quick-tip-mongodb-users/
Some of the answers are sending mixed signals between using --auth command line flag or setting config file property.
security:
authorization: enabled
I would like to clarify that aspect. First of all, authentication credentials (ie user/password) in both cases has to be created by executing db.createUser query on the default admin database. Once credentials are obtained, there are two ways to enable authentication:
auth flag is applicable. Start mongod like: usr/bin/mongod --authmongod like: usr/bin/mongod --config <config file path>To connect to the mongo shell with authentication:
mongo -u <user> -p <password> --authenticationDatabase admin
--authenticationDatabase here is the database name where the user was created. All other mongo commands like mongorestore, mongodump accept the additional options ie -u <user> -p <password> --authenticationDatabase admin
Refer to https://docs.mongodb.com/manual/tutorial/enable-authentication/ for details.
after you create new user, please don't forget to grant read/write/root permission to the user. you can try the
cmd: db.grantRolesToUser('yourNewUsername',[{ role: "root", db: "admin" }])
Source: Stackoverflow.com