How to secure MongoDB with username and password
First, un-comment the line that starts with #auth=true in your mongod configuration file (default path /etc/mongod.conf). This will enable authentication for mongodb.
Then, restart mongodb : sudo service mongod restart
You need to start mongod with the --auth option after setting up the user.
From the MongoDB Site:
Run the database (mongod process) with the
--authoption to enable security. You must either have added a user to the admin db before starting the server with--auth, or add the first user from the localhost interface.
MongoDB Authentication
Wow so many complicated/confusing answers here.
This is as of v3.4.
Short answer.
Start MongoDB without access control.
mongod --dbpath /data/db
Connect to the instance.
mongo
Create the user.
use some_db db.createUser( { user: "myNormalUser", pwd: "xyz123", roles: [ { role: "readWrite", db: "some_db" }, { role: "read", db: "some_other_db" } ] } )
Stop the MongoDB instance and start it again with access control.
mongod --auth --dbpath /data/db
Connect and authenticate as the user.
use some_db db.auth("myNormalUser", "xyz123") db.foo.insert({x:1}) use some_other_db db.foo.find({})
Long answer: Read this if you want to properly understand.
It's really simple. I'll dumb the following down https://docs.mongodb.com/manual/tutorial/enable-authentication/
If you want to learn more about what the roles actually do read more here: https://docs.mongodb.com/manual/reference/built-in-roles/
Start MongoDB without access control.
mongod --dbpath /data/db
Connect to the instance.
mongo
Create the user administrator. The following creates a user administrator in the
adminauthentication database. The user is adbOwnerover thesome_dbdatabase and NOT over theadmindatabase, this is important to remember.use admin db.createUser( { user: "myDbOwner", pwd: "abc123", roles: [ { role: "dbOwner", db: "some_db" } ] } )
Or if you want to create an admin which is admin over any database:
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
Stop the MongoDB instance and start it again with access control.
mongod --auth --dbpath /data/db
Connect and authenticate as the user administrator towards the
adminauthentication database, NOT towards thesome_dbauthentication database. The user administrator was created in theadminauthentication database, the user does not exist in thesome_dbauthentication database.use admin db.auth("myDbOwner", "abc123")
You are now authenticated as a dbOwner over the some_db database. So now if you wish to read/write/do stuff directly towards the some_db database you can change to it.
use some_db
//...do stuff like db.foo.insert({x:1})
// remember that the user administrator had dbOwner rights so the user may write/read, if you create a user with userAdmin they will not be able to read/write for example.
More on roles: https://docs.mongodb.com/manual/reference/built-in-roles/
If you wish to make additional users which aren't user administrators and which are just normal users continue reading below.
Create a normal user. This user will be created in the
some_dbauthentication database down below.use some_db db.createUser( { user: "myNormalUser", pwd: "xyz123", roles: [ { role: "readWrite", db: "some_db" }, { role: "read", db: "some_other_db" } ] } )
Exit the mongo shell, re-connect, authenticate as the user.
use some_db db.auth("myNormalUser", "xyz123") db.foo.insert({x:1}) use some_other_db db.foo.find({})
Last but not least due to users not reading the commands I posted correctly regarding the --auth flag, you can set this value in the configuration file for mongoDB if you do not wish to set it as a flag.