How to secure MongoDB with username and password

Question

I want to set up user name  amp  password authentication for my MongoDB instance  so that any remote access will ask for the user name  amp  password   I tried the tutorial from the MongoDB site and did following   use admin db addUser  theadmin    12345    db auth  theadmin   12345      After that  I exited and ran mongo again   And I don t need password to access it  Even if I connect to the database remotely  I am not prompted for user name  amp  password      UPDATE Here is the solution I ended up using  1  At the mongo command line  set the administrator       use admin      db addUser  admin   123456     2  Shutdown the server and exit      db shutdownServer        exit  3  Restart mongod with --auth      sudo   mongodb bin mongod --auth --dbpath  mnt db   4  Run mongo again in 2 ways      i  run mongo first then login               mongodb bin mongo localhost 27017         use admin         db auth  admin   123456       ii  run  amp  login to mongo in command line               mongodb bin mongo localhost 27017 admin -u admin -p 123456   The username  amp  password will work the same way for mongodump and mongoexport

User · Answer

These steps worked on me    write mongod --port 27017 on cmd then connect to mongo shell   mongo --port 27017 create the user admin    use admin db createUser    user   myUserAdmin   pwd   abc123   roles      role   userAdminAnyDatabase   db   admin          disconnect mongo shell restart the mongodb   mongod --auth --port 27017 start mongo shell   mongo --port 27017 -u  myUserAdmin  -p  abc123  --authenticationDatabase  admin  To authenticate after connecting  Connect the mongo shell to the mongod  mongo --port 27017 switch to the authentication database   use admin db auth  myUserAdmin    abc123

User · Answer

Some of the answers are sending mixed signals between using --auth command line flag or setting config file property  security    authorization  enabled  I would like to clarify that aspect  First of all   authentication credentials  ie user password  in both cases has to be created by executing db createUser query on the default admin database  Once credentials are obtained  there are two ways to enable authentication   Without a custom config file  This is when the former auth flag is applicable  Start mongod like  usr bin mongod --auth With a custom config file  This is when the latter configs has to be present in the custom config file Start mongod like  usr bin mongod --config  lt config file path gt   To connect to the mongo shell with authentication  mongo -u  lt user gt  -p  lt password gt  --authenticationDatabase admin --authenticationDatabase here is the database name where the user was created  All other mongo commands like mongorestore  mongodump  accept the additional options ie  -u  lt user gt  -p  lt password gt  --authenticationDatabase admin Refer to https   docs mongodb com manual tutorial enable-authentication  for details

User · Answer

This is what i did for ubuntu 20 04 and mongodb enterprise 4 4 2   start mongo shell by typing mongo in terminal   use admin database    use admin   create a new user and assign your intended role   use admin db createUser          user   quot myUserAdmin quot       pwd  passwordPrompt       or cleartext password     roles      role   quot userAdminAnyDatabase quot   db   quot admin quot      quot readWriteAnyDatabase quot            exit mongo and add the following line to etc mongod conf   security      authorization  enabled   restart mongodb server   optional  6 If you want your user to have root access you can either specify it when creating your user like  db createUser          user   quot myUserAdmin quot       pwd  passwordPrompt       or cleartext password     roles      role   quot userAdminAnyDatabase quot   db   quot admin quot      quot readWriteAnyDatabase quot           or you can change user role using  db grantRolesToUser  admin      role   root   db   admin

User · Answer

User creation with password for a specific database to secure database access    use dbName  db createUser            user   dbUser        pwd   dbPassword        roles     readWrite    dbAdmin

User · Answer

First  un-comment the line that starts with  auth true in your mongod configuration file  default path  etc mongod conf   This will enable authentication for mongodb  Then  restart mongodb   sudo service mongod restart

User · Answer

Here is a javascript code to add users    Start mongod with --auth   true  Access admin database from mongo shell and pass the javascript file   mongo admin  Filename js    Filename js      Adding admin user db addUser  admin username     admin password       Authenticate admin user db auth  admin username      admin password        use  database code from java script db   db getSiblingDB  newDatabase       Adding newDatabase database user   db addUser  database username      database  password      Now user addition is complete  we can verify accessing the database from mongo shell

User · Answer

First run mongoDB on terminal using  mongod   now run mongo shell use following commands      use admin db createUser          user   myUserAdmin       pwd   abc123       roles      role   userAdminAnyDatabase   db   admin              Re-start the MongoDB instance with access control   mongod --auth   Now authenticate yourself from the command line using   mongo --port 27017 -u  myUserAdmin  -p  abc123  --authenticationDatabase  admin    I read it from  https   docs mongodb com manual tutorial enable-authentication

User · Answer

https   docs mongodb com manual reference configuration-options  security authorization  Edit the mongo settings file   sudo nano  etc mongod conf   Add the line   security authorization   enabled   Restart the service  sudo service mongod restart   Regards

User · Answer

You ll need to switch to the database you want the user on  not the admin db       use mydatabase  See this post for more help     https   web archive org web 20140316031938 http   learnmongo com posts quick-tip-mongodb-users

User · Answer

Wow so many complicated confusing answers here   This is as of v3 4   Short answer   1  Start MongoDB without access control   mongod --dbpath  data db   2  Connect to the instance   mongo   3  Create the user   use some db db createUser          user   myNormalUser       pwd   xyz123       roles      role   readWrite   db   some db                    role   read   db   some other db              4  Stop the MongoDB instance and start it again with access control   mongod --auth --dbpath  data db   5  Connect and authenticate as the user   use some db db auth  myNormalUser    xyz123   db foo insert  x 1   use some other db db foo find       Long answer  Read this if you want to properly understand   It s really simple  I ll dumb the following down https   docs mongodb com manual tutorial enable-authentication   If you want to learn more about what the roles actually do read more here  https   docs mongodb com manual reference built-in-roles   1  Start MongoDB without access control    mongod --dbpath  data db   2  Connect to the instance   mongo   3  Create the user administrator  The following creates a user administrator in the admin authentication database  The user is a dbOwner over the some db database and NOT over the admin database  this is important to remember   use admin db createUser          user   myDbOwner       pwd   abc123       roles      role   dbOwner   db   some db              Or if you want to create an admin which is admin over any database   use admin db createUser          user   myUserAdmin       pwd   abc123       roles      role   userAdminAnyDatabase   db   admin              4  Stop the MongoDB instance and start it again with access control   mongod --auth --dbpath  data db   5  Connect and authenticate as the user administrator towards the admin authentication database  NOT towards the some db authentication database  The user administrator was created in the admin authentication database  the user does not exist in the some db authentication database   use admin db auth  myDbOwner    abc123     You are now authenticated as a dbOwner over the some db database  So now if you wish to read write do stuff directly towards the some db database you can change to it   use some db      do stuff like db foo insert  x 1      remember that the user administrator had dbOwner rights so the user may write read  if you create a user with userAdmin they will not be able to read write for example    More on roles  https   docs mongodb com manual reference built-in-roles   If you wish to make additional users which aren t user administrators and which are just normal users continue reading below   6  Create a normal user  This user will be created in the some db authentication database down below   use some db db createUser          user   myNormalUser       pwd   xyz123       roles      role   readWrite   db   some db                    role   read   db   some other db              7  Exit the mongo shell  re-connect  authenticate as the user   use some db db auth  myNormalUser    xyz123   db foo insert  x 1   use some other db db foo find

User · Answer

The best practice to connect to mongoDB as follow   After initial installation  use admin  Then run the following script to create admin user       db createUser                  user   quot YourUserName quot            pwd   quot YourPassword quot            roles                         role   quot userAdminAnyDatabase quot   db   quot admin quot                          role   quot readWriteAnyDatabase quot   db   quot admin quot                          role   quot dbAdminAnyDatabase quot   db   quot admin quot                          role   quot clusterAdmin quot   db   quot admin quot                               the following script will create the admin user for the DB   log into the db admin using mongo -u YourUserName -p YourPassword admin  After login  you can create N number of the database with same admin credential or different by repeating the 1 to 3    This allows you to create different user and password for the different collection you creating in the MongoDB

User · Answer

after you create new user  please don t forget to grant read write root permission to the user  you can try the   cmd  db grantRolesToUser  yourNewUsername     role   root   db   admin

User · Answer

You could change  etc mongod conf   Before   security   After  security      authorization   enabled    Then sudo service mongod restart

User · Answer

You need to start mongod with the --auth option after setting up the user   From the MongoDB Site      Run the database  mongod process  with the --auth option to enable   security  You must either have added a user to the admin db before   starting the server with --auth  or add the first user from the   localhost interface    MongoDB Authentication

User · Answer

This answer is for Mongo 3 2 1  Reference  Terminal 1      mongod --auth   Terminal 2   db createUser  user  admin name   pwd  1234  roles   readWrite   dbAdmin       if you want to add without roles  optional     db createUser  user  admin name   pwd  1234   roles        to check if authenticated or not   db auth  admin name    1234     it should give you   1   else    Error  Authentication failed  0

User · Answer

This is what I did on Ubuntu 18 04     sudo apt install mongodb   mongo  gt  show dbs  gt  use admin  gt  db createUser    user   root    pwd   rootpw    roles     root            root user can do anything  gt  use lefa  gt  db lefa save   name  test      gt  db lefa find    gt  show dbs  gt  db createUser    user   lefa    pwd   lefapw    roles      role   dbOwner   db   lefa             admin of a db  gt  exit   sudo vim  etc mongodb conf auth   true   sudo systemctl restart mongodb   mongo -u  root  -p  rootpw  --authenticationDatabase   admin   gt  use admin  gt  exit   mongo -u  lefa  -p  lefapw  --authenticationDatabase   lefa   gt  use lefa  gt  exit

User · Answer

Follow the below steps in order   Create a user using the CLI   use admin db createUser          user   admin       pwd   admin123       roles      role   userAdminAnyDatabase   db   admin      readWriteAnyDatabase             Enable authentication  how you do it differs based on your OS  if you are using windows you can simply mongod --auth in case of linux you can edit the  etc mongod conf file to add security authorization   enabled and then restart the mongd service To connect via cli mongo -u  admin  -p  admin123  --authenticationDatabase   admin   That s it   You can check out this post to go into more details and to learn connecting to it using mongoose

[authentication] How to secure MongoDB with username and password

Examples related to authentication

Examples related to mongodb