MongoDB

How to Secure MongoDB with Username and Password

2 years ago
by John Otieno

The username and password are the most basic form of authentication. By default, MongoDB does not provide any form of authentication. This means that any user with access to your MongoDB Server interface can access and manage your database.

This is a severe security risk, especially when exposing your database to the world. Therefore, this post will show you how to configure the username and password authentication in the MongoDB server.

Let’s jump into it.

Step 1: Login to MongoDB Server

The first step is to login into your server. Since MongoDB is not secured, you can run the following command:

$ mongo Mongodb://<host>:<port>

 
The given command logs into the MongoDB server with the default username.

Step 2: Change to Admin Database

Next, change into the admin database which allows us to perform the actions such as creating new users and assigning permission.

> USE admin
'switched to db admin'

 

Step 3: Create Administrator User

The next step is to create a user with the UserAdminAnyDatabase role. This allows you to manage any database on the server.

We can run the command as follows:

db.createUser({user: "root", pwd: "password", roles: [{role: "userAdminAnyDatabase", db: "admin"}]})

 
Running the previous command should create a username called root with the specified password and userAdminAnyDatabase role.

Output:

{ ok: 1 }

 

Step 4: MongoDB Enable Authentication

Once we created a username and password, we need to enable the authentication for the MongoDB server.

We can do this by editing the MongoDB configuration file. Keep in mind that the location to the MongoDB configuration file differs depending on the installation method and operating system.

Locate the mongod.conf or mongod.cfg file in your system. Edit the file with your favorite text editor:

$ sudo nano /etc/mongod.conf

 
Edit the file and locate the entry as shown in the following:

security:
    authorization: "disabled"

 
In some cases, you may find the security block commented out as shown in the following:

#security:

 
Uncomment by removing the preceding pound sign and set the entry as shown in the following:

#security:
    authorization: "enabled"

 
Save the file and close.

Restart the MongoDB service with the following command:

$ sudo service mongodb restart

 
On Windows, you can run the following command:

$ net stop mongodb && net start mongodb

 
Run the following command to login into the server with the specified username and password:

$ mongo mongodb://<host>:<port> db.auth("username", "password")

 

Conclusion

This post discussed the basics of setting up a username and password authentication on a MongoDB Server.

Thanks for reading!

About the author

John Otieno

My name is John and am a fellow geek like you. I am passionate about all things computers from Hardware, Operating systems to Programming. My dream is to share my knowledge with the world and help out fellow geeks. Follow my content by subscribing to LinuxHint mailing list

View all posts