Introduction
Securing your MongoDB database is an essential step to protect your data from unauthorized access. One of the first steps in securing your MongoDB instance is creating an admin user and enabling authentication. This tutorial will guide you through the process of setting up an administrative user for your MongoDB database and turning on authentication to ensure that only authorized users have access to your database’s functionalities.
Prerequisites
Before you begin, ensure you have the following:
- MongoDB installed on your system
- Access to the MongoDB command line interface (CLI)
- Basic understanding of command-line operations and MongoDB concepts
Step 1: Starting MongoDB Without Access Control
Access your MongoDB instance without access control to create the initial admin user. Typically, after installation, MongoDB starts without access control enabled. You can start a MongoDB instance without access control using the following command:
mongod --port 27017 --dbpath /data/db1
Make sure to replace /data/db1 with the actual path to your MongoDB data directory.
Step 2: Connecting to MongoDB Instance
Once your MongoDB instance is running, connect to it using the mongo shell with the following command:
mongo
Step 3: Creating the Admin User
Upon connecting to the MongoDB instance, create the administrative user by switching to the admin database and running the createUser command:
use admin
db.createUser({
user: "myAdminUser",
pwd: "myAdminPassword",
roles: [{ role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase"]
});
Replace "myAdminUser" and "myAdminPassword" with your desired admin username and secure password respectively.
Step 4: Enabling Access Control and Testing Authentication
With the admin user created, access control needs to be enabled. You do this by restarting the MongoDB instance with the --auth flag:
mongod --auth --port 27017 --dbpath /data/db1
Once restarted, attempt to connect to the database using the admin credentials to verify that authentication is working:
mongo -u myAdminUser -p myAdminPassword --authenticationDatabase admin
You should be connected to the database if the credentials are correct. If you encounter errors, ensure that the username and password are as you set in the createUser command.
Step 5: Managing User Roles
After the administrative user has been set up, you can manage various user roles. MongoDB provides a flexible role-based access control system. Below is an example of how to provide a user with read-only access to a particular database:
use someDatabase
db.createUser({
user: "readOnlyUser",
pwd: "readOnlyPassword",
roles: [{ role: "read", db: "someDatabase" }]
});
Again, ensure that you are using secure passwords and replace "readOnlyUser" and "readOnlyPassword" with your chosen credentials.
Step 6: Advanced User Management
For more advanced user management, you can create roles with customized permissions. Below is an example of creating a role:
use admin
db.createRole({
role: "myCustomRole",
privileges: [
{ resource: { db: "myDatabase", collection: "" }, actions: [ "find", "update", "insert", "remove" ] }
],
roles: []
});
Once the role is created, you can assign it to a user with the following command:
db.grantRolesToUser("existingUser", ["myCustomRole"]);
Ensure that you replace "existingUser" with the actual username of the user to whom you wish to grant the newly created role.
Conclusion
Securing your MongoDB instance with authentication and proper user management is paramount to protecting your data. By following the steps we’ve outlined in this tutorial, you’ve successfully created an administrative user, enabled authentication, and understand the basics of user role management, setting the foundation for a secure MongoDB deployment.