Step 1 — Adding Administrative User
$ mongo
Output
MongoDB shell version v4.4.1
. . .
2020-10-06T15:08:11.202+00:00: Access control is not enabled for the database. Read and write access to data and configuration is unrestricted
. . .
>
Run Mongo’s show dbs command:
> show dbs
Output
admin 0.000GB
config 0.000GB
local 0.000GB
Switch to the admin database:
> use admin
Output
switched to db admin
Create the administrative user:
> db.createUser(
... {
... user: "AdminSammy",
... pwd: passwordPrompt(),
... roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
... }
... )
Output
Enter password:
Enter a strong password of your choosing. Then, you’ll receive a confirmation that the user was added:
Output
Successfully added user: {
"user" : "AdminSammy",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
"readWriteAnyDatabase"
]
}
Following that, you can exit the MongoDB client:
> exit
Step 2 — Enabling Authentication
To enable authentication, you must edit mongod.conf, MongoDB’s configuration file. Once you enable it and restart the Mongo service, users will still be able to connect to the database without authenticating. However, they won’t be able to read or modify any data until they provide a correct username and password.
Open the configuration file with your preferred text editor. Here, we’ll use nano:
$ sudo nano /etc/mongod.conf
. . .
security:
  authorization: "enabled"
. . .
Restart the MongoDB service:
$ sudo systemctl restart mongod
Next, check the service’s status to make sure that it restarted correctly:
$ sudo systemctl status mongod
Output
● mongod.service - MongoDB Database Server
Loaded: loaded (/lib/systemd/system/mongod.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-10-06 15:24:44 UTC; 5s ago
Docs: https://docs.mongodb.org/manual
Main PID: 13660 (mongod)
CGroup: /system.slice/mongod.service
└─13660 /usr/bin/mongod --config /etc/mongod.conf
Oct 06 15:24:44 mongo-18-01 systemd[1]: Started MongoDB Database Server.
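An added example, not part of the original tutorial: a shell function that audits a mongod.conf for the Step 2 setting and reports whether authorization is set to enabled under security:. The function name auth_enabled and the three sample configs are constructed for illustration, and the check assumes block-style YAML with one key per line.

```shell
# auth_enabled FILE: exit 0 only if security.authorization is "enabled".
# Assumes block-style YAML, one key per line (assumption of this example).
auth_enabled() {
    awk '
        { sub(/[ \t]*#.*$/, "") }            # drop comments
        /^[ \t]*$/ { next }                  # skip blank lines
        # An unindented line opens a new top-level section.
        /^[^ \t]/ { section = $0; sub(/:.*$/, "", section); next }
        # Only an indented authorization key under security: counts.
        section == "security" && /^[ \t]+authorization[ \t]*:/ {
            val = $0
            sub(/^[^:]*:[ \t]*/, "", val)
            gsub(/["\047 \t]/, "", val)      # strip quotes and spaces
            found = (val == "enabled")
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample configs, not taken from a real server.
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.conf" <<'EOF'
net:
  port: 27017
security:
  authorization: "enabled"
EOF
cat > "$demo_dir/commented.conf" <<'EOF'
net:
  port: 27017
#security:
  authorization: "enabled"
EOF
cat > "$demo_dir/flat.conf" <<'EOF'
security:
authorization: "enabled"
EOF

for name in good commented flat; do
    if auth_enabled "$demo_dir/$name.conf"; then
        echo "$name.conf: authorization enabled"
    else
        echo "$name.conf: authorization NOT enabled"
    fi
done
```

Only good.conf passes: in commented.conf the security: line is still commented out, and in flat.conf the indentation is lost, so authorization is no longer a key of the security section.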
Step 3 — Testing Authentication Settings
Connect again without credentials and check whether the warning from Step 1 shows:
$ mongo
Output
MongoDB shell version v4.4.1
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("ed0e92b6-bee5-4867-9d87-8b57155aea40") }
MongoDB server version: 4.4.1
>
Confirm whether your access is restricted by running the show dbs command again:
> show dbs
The output is empty. Then exit:
> exit
Connect the correct way, with credentials:
$ mongo -u AdminSammy -p --authenticationDatabase admin
Enter the user’s password when prompted, and then you’ll be dropped into the shell. Once there, try issuing the show dbs command again:
> show dbs
This time, because you’ve authenticated properly, the command will successfully return a list of all the databases currently on the server:
Output
admin 0.000GB
config 0.000GB
local 0.000GB
This confirms that authentication was enabled successfully.