
How To Configure MongoDB 4.x/5.x Authentication

 3 years ago
source link: https://computingforgeeks.com/how-to-configure-mongodb-authentication/

Many people are used to running MongoDB without authentication. If you run a Lynis or Nessus security audit against such a server, you’ll likely get a warning for “No MongoDB authorization”. This guide covers how to set up authentication for a user/database in MongoDB.

You need a running MongoDB server to use this guide.

When the mongod service is running, connect to it using the mongo command line tool:

# mongo --port 27017
MongoDB shell version v4.4.8
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("636b31ad-ce58-4382-a522-1f3687ef61d3") }
MongoDB server version: 4.4.8
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
	https://docs.mongodb.com/
Questions? Try the MongoDB Developer Community Forums
	https://community.mongodb.com
---
The server generated these startup warnings when booting:
        2021-08-23T13:14:38.468+00:00: Access control is not enabled for the database. Read and write access to data and configuration is unrestricted
        2021-08-23T13:14:38.469+00:00: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. We suggest setting it to 'never'
        2021-08-23T13:14:38.469+00:00: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. We suggest setting it to 'never'
---
---
        Enable MongoDB's free cloud-based monitoring service, which will then receive and display
        metrics about your deployment (disk utilization, CPU, operation statistics, etc).

        The monitoring data will be available on a MongoDB website with a unique URL accessible to you
        and anyone you share the URL with. MongoDB may use this information to make product
        improvements and to suggest MongoDB products and deployment options to you.

        To enable free monitoring, run the following command: db.enableFreeMonitoring()
        To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---
>

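Then create the user account with the “root” role to be the database admin. The user is created in testdb, which becomes its authentication database, while the root role itself is granted on the admin database.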

> use testdb;
switched to db testdb

> db.createUser(
  {
    user: "dbadmin",
    pwd: "StrongPassword",
    roles: [ { role: "root", db: "admin" } ]
  }
)
> exit
bye

Where:

  • Username is dbadmin
  • Password is StrongPassword

Open the file /etc/mongod.conf and enable authentication:

$ sudo vim /etc/mongod.conf
security:
  authorization: enabled

Restart MongoDB

sudo systemctl restart mongod

Test by connecting to testdb as dbadmin user.

mongo --port 27017 -u "dbadmin" -p --authenticationDatabase "testdb"

When asked for the password, enter the password you set. In my case this is StrongPassword:

MongoDB shell version v4.4.8
Enter password: StrongPassword
connecting to: mongodb://127.0.0.1:27017/?authSource=testdb&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("8438914a-a79c-42c6-8b20-388b0e366c1b") }
MongoDB server version: 4.4.8
---
The server generated these startup warnings when booting:
        2021-08-23T13:19:17.309+00:00: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. We suggest setting it to 'never'
        2021-08-23T13:19:17.309+00:00: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. We suggest setting it to 'never'
---
---
        Enable MongoDB's free cloud-based monitoring service, which will then receive and display
        metrics about your deployment (disk utilization, CPU, operation statistics, etc).

        The monitoring data will be available on a MongoDB website with a unique URL accessible to you
        and anyone you share the URL with. MongoDB may use this information to make product
        improvements and to suggest MongoDB products and deployment options to you.

        To enable free monitoring, run the following command: db.enableFreeMonitoring()
        To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---

You now have working MongoDB authentication for a user to access a specific database.
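
To check other hosts for the setting enabled above, the kind of finding an audit reports as “No MongoDB authorization”, the following added example (not part of the original article) scans a mongod.conf for authorization: enabled under security:. The helper name mongod_auth_enabled and the sample configs are constructed for illustration, and only block-style YAML as shown in this guide is handled.

```bash
#!/usr/bin/env bash
# Added example: audit a mongod.conf for the setting this guide enables.
# mongod_auth_enabled is a hypothetical helper name, not a MongoDB tool.

# Return 0 if the config at $1 has "authorization: enabled" under a
# top-level "security:" key; return 1 if it is missing, disabled or commented.
mongod_auth_enabled() {
  awk '
    { sub(/[ \t]*#.*$/, "") }            # drop comments, so "#security:" is ignored
    /^[ \t]*$/ { next }                   # skip blank (or fully commented) lines
    /^[^ \t]/ {                           # a top-level key starts in column 1
      in_sec = ($0 ~ /^security:[ \t]*$/)
      next
    }
    in_sec && /^[ \t]+authorization:/ {
      val = $0
      sub(/^[ \t]+authorization:[ \t]*/, "", val)
      gsub(/["\047 \t]/, "", val)         # strip quotes and stray whitespace
      found = (val == "enabled")
    }
    END { exit(found ? 0 : 1) }
  ' "$1"
}

# Constructed sample configs (not taken from a real host).
tmp=$(mktemp -d)
printf 'net:\n  port: 27017\n#security:\n' > "$tmp/default.conf"
printf 'net:\n  port: 27017\nsecurity:\n  authorization: enabled\n' > "$tmp/hardened.conf"
printf 'security:\n  authorization: "disabled"  # temporary\n' > "$tmp/disabled.conf"

for f in "$tmp"/*.conf; do
  if mongod_auth_enabled "$f"; then
    echo "OK    $(basename "$f"): access control enabled"
  else
    echo "WARN  $(basename "$f"): no MongoDB authorization"
  fi
done
rm -rf "$tmp"
```

On a real host, pass /etc/mongod.conf to the function; a config file that passes still needs the mongod restart shown above before access control takes effect.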
