In this guide we will learn how to set up Authentication for Mongodb. This guide has been tested on MongoDB version 4.x and 5.x.
The default installation of Mongodb doesn’t have authentication enabled. Often times when you connect to the service you will get a warning like this: Access control is not enabled for the database.
MongoDB is a cross-platform document-oriented NoSQL database program that uses JSON-like documents with optional schemas. MongoDB is developed by MongoDB Inc. and licensed under the Server Side Public License. Instead of storing data in tables of rows or columns like SQL databases, each record in a MongoDB database is a document described in BSON, a binary representation of the data. Applications can then retrieve this information in a JSON format.
Related Content
Prerequisites
To follow along this guide, you need:
- A fresh installed running mongodb service in a linux server
- Root access to the server so you can make the configuration change
- Knowledge of Linux terminal
Connecting to MongoDB and Creating admin user
Connect to the MongoDB service using the mongosh
:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
| $ mongosh --port 27017
Current Mongosh Log ID: 61824a576df96ec2ab71c8af
Connecting to: mongodb://127.0.0.1:27017/?directConnection=true&serverSelectionTimeoutMS=2000
Using MongoDB: 5.0.3
Using Mongosh: 1.1.1
For mongosh info see: https://docs.mongodb.com/mongodb-shell/
To help improve our products, anonymous usage data is collected and sent to MongoDB periodically (https://www.mongodb.com/legal/privacy-policy).
You can opt-out by running the disableTelemetry() command.
------
The server generated these startup warnings when booting:
2021-11-03T07:39:58.477+00:00: Access control is not enabled for the database. Read and write access to data and configuration is unrestricted
2021-11-03T07:39:58.478+00:00: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. We suggest setting it to 'never'
------
Warning: Found ~/.mongorc.js, but not ~/.mongoshrc.js. ~/.mongorc.js will not be loaded.
You may want to copy or rename ~/.mongorc.js to ~/.mongoshrc.js.
test>
|
Once connected, let us create our admin user. We are going to create an admin user account with username <meta charset="utf-8">dbadmin
and password S3cretP4sswd
that has a role root
for the db admin
.
1
2
3
4
5
6
7
8
| test> db.createUser(
... {
..... user: "dbadmin",
..... pwd: "S3cretP4sswd",
..... roles: [ { role: "root", db: "admin" } ]
..... }
... );
{ ok: 1 }
|
Updating MongoDB Configuration file
Next, let’s enable authentication in the globa mongodb config file located here /etc/mongod.conf
.
Open the file with vim:
1
| sudo vim /etc/mongod.conf
|
The update the security section as follows:
1
2
| security:
authorization: enabled
|
To apply the changes, restart the MongoDB service:
1
| sudo systemctl restart mongod
|
Testing MongoDB connection with Authentication in place
Now let’s test that everything is working as expected using this command:
1
| mongosh --port 27017 -u "dbadmin" -p --authenticationDatabase "test"
|
Enter the password when prompted. If it works you should login successfully:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| $ mongosh --port 27017 -u "dbadmin" -p --authenticationDatabase "test"
Enter password: ************
Current Mongosh Log ID: 61824c4534699d27e07193c3
Connecting to: mongodb://127.0.0.1:27017/?directConnection=true&serverSelectionTimeoutMS=2000
Using MongoDB: 5.0.3
Using Mongosh: 1.1.1
For mongosh info see: https://docs.mongodb.com/mongodb-shell/
------
The server generated these startup warnings when booting:
2021-11-03T08:44:42.417+00:00: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. We suggest setting it to 'never'
------
Warning: Found ~/.mongorc.js, but not ~/.mongoshrc.js. ~/.mongorc.js will not be loaded.
You may want to copy or rename ~/.mongorc.js to ~/.mongoshrc.js.
test>
|
Conclusion
Congratulations for following this guide to the end. We have managed to set up authentication to our Mongodb service.