MongoDB Enable User Login Authentication

In the previous post, I installed MongoDB 3.6 Community Edition; please refer to MongoDB-3.6 Community Edition Installation.
By default, mongod starts with no authentication required, meaning that anyone who can reach it can log in to your MongoDB. In this post, I am going to write about how to add users with roles and enable authentication.

First of all, make sure mongod is running.

ps aux | grep mongod

We can see clearly that mongod is using the config file /etc/mongod.conf, so we will modify that file later on. Let's briefly talk about how MongoDB authentication works. MongoDB uses roles to define what a user is allowed to do. For all the built-in roles available, please refer to: Built-In Roles — MongoDB Manual 3.6.

According to the prerequisites, we must:

  1. Use the localhost exception to log in to mongod.
  2. Create our first user in the admin database, granted the userAdmin or userAdminAnyDatabase built-in role.
  3. Create other users with the user created in step 2.

Let's use the localhost exception to log in to mongod.

mongo

At login, MongoDB prints warnings that suggest better configuration settings, so let's fix those first. Before we start, check the current status.

Use the following commands to fix the problem. The first two lines change the current status; the last two lines append the same commands to a script that is executed every time the server reboots. Please note that these commands must be run with root privileges. Please run chmod +x /etc/rc.d/rc.local to enable rc.local.

echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag
echo "echo never > /sys/kernel/mm/transparent_hugepage/enabled" >> /etc/rc.d/rc.local
echo "echo never > /sys/kernel/mm/transparent_hugepage/defrag" >> /etc/rc.d/rc.local

Restart mongod and log in again; the warnings are gone.

systemctl restart mongod
mongo

Following the MongoDB documentation, let's create our first user.

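use admin
// First user: userAdminAnyDatabase can create and manage users on every database
db.createUser(
  {
    user: "blogadmin",
    pwd: "12345678",  // sample value; use a strong, unique password
    roles: [
      { role: "userAdminAnyDatabase", db: "admin" }
    ]
  }
)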

Now that we have created the first user, we can use the same routine to create users for whatever operations are needed. For testing purposes, I am just going to create a root user who has full privileges on the db.

use admin
// Test-only user: the root role has full privileges
db.createUser(
  {
    user: "blogroot",
    pwd: "12345678",  // sample value; use a strong, unique password
    roles: [
      { role: "root", db: "admin" }
    ]
  }
)

Now let's enable the authentication mechanism by editing the MongoDB config file as below.

Save, exit and restart the service.

vim /etc/mongod.conf
systemctl restart mongod
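
A check to run after the edit, as an added example that is not from the original post: it reports whether a mongod YAML config has authorization: enabled nested under a top-level security: key, which is how the MongoDB 3.6 manual documents turning on access control. The function names and both sample configs are constructed for illustration, and only the block-style YAML form is handled.

```shell
#!/bin/sh
# Added example, not from the original post.
# mongod_auth_enabled CONF: exit 0 if CONF has "authorization: enabled"
# nested under a top-level "security:" key, 1 if not, 2 if unreadable.
mongod_auth_enabled() {
    [ -r "$1" ] || return 2
    awk '
        { sub(/[ \t]*#.*$/, "") }            # strip comments
        /^[ \t]*$/ { next }                  # skip blank lines
        /^[^ \t]/  { section = $1; next }    # top-level key such as "net:"
        section == "security:" && $1 == "authorization:" {
            v = $2; gsub(/"/, "", v)         # tolerate a quoted value
            if (v == "enabled") found = 1
        }
        END { exit !found }
    ' "$1"
}

# Run the check over two constructed configs (hypothetical contents,
# not copied from the post): security block commented out vs. enabled.
run_demo() {
    demo_dir=$(mktemp -d)
    cat > "$demo_dir/before.conf" <<'EOF'
net:
  port: 27017
  bindIp: 127.0.0.1
#security:
#  authorization: enabled
EOF
    cat > "$demo_dir/after.conf" <<'EOF'
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
EOF
    for f in "$demo_dir/before.conf" "$demo_dir/after.conf"; do
        if mongod_auth_enabled "$f"; then
            echo "${f##*/}: access control enabled"
        else
            echo "${f##*/}: access control NOT enabled"
        fi
    done
    rm -rf "$demo_dir"
}

run_demo
```

Pointing mongod_auth_enabled at /etc/mongod.conf before restarting the service catches a security: line that is still commented out.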

Now let's try logging in again with just mongo and listing all databases.

We can see that errmsg displays "not authorized on admin to execute command", which means our setting works. Now let's log in as an authorized user. There are two ways to do so. One is to use this syntax: mongo -u username -p --authenticationDatabase admin.

Another way is to use the db.auth() function provided by MongoDB. To use it, we first log in with mongo.


REFERENCES:
Users — MongoDB Manual 3.6
Authentication — MongoDB Manual 3.6

This post is licensed under CC BY 4.0 by the author.