Enable MongoDB Access Control

The default data directory for MongoDB is /data/db.

This can be overridden by a dbpath option specified on the command line or in a configuration file.

If you install MongoDB via a package manager such as Homebrew or MacPorts, the install typically creates a default data directory other than /data/db and sets the dbpath in a configuration file.

To check the dbpath, run the following in your mongo shell:

db.serverCmdLineOpts()

The output includes the storage section:

 "storage" : {
    "dbPath" : "/usr/local/var/mongodb"
 }, 

The following procedure first adds a user administrator to a MongoDB instance running without access control and then enables access control.

1.  Start MongoDB without access control.

$ mongod --port 27017 --dbpath /data/db1

2. Connect to the instance.

$ mongo --port 27017

3. Create the user administrator.

In the admin database, add a user with the userAdminAnyDatabase role. For example, the following creates the user abhilash in the admin database:

Note: The database where you create the user (in this example, admin) is the user’s authentication database.

 > db.createUser(
 ...   {
 ...     user: "abhilash",
 ...     pwd: "password!",
 ...     roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
 ...   }
 ... ) 

 Successfully added user: {
 "user" : "abhilash",
 "roles" : [
  {
    "role" : "userAdminAnyDatabase",
    "db" : "admin"
  }
 ]
 } 

Disconnect the mongo shell.

4. Re-start the MongoDB instance with access control.

$ mongod --auth --port 27017 --dbpath /usr/local/var/mongodb/db1

Clients that connect to this instance must now authenticate themselves as a MongoDB user.

 > db.auth();
 Error: auth expects either (username, password) or ({ user: username, pwd: password })
 0
 > db
 test 

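** To authenticate during connection:

$ mongo --port 27017 -u "abhilash" -p "password!" --authenticationDatabase "admin"

A password typed after -p ends up in the shell history; if you leave the value off, the mongo shell prompts for it instead.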

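** To authenticate after connecting:

Connect the mongo shell to the instance, switch to the authentication database, and call db.auth():

 $ mongo
 > use admin
 > db.auth("abhilash", "password!")

The full session, which then creates a user for my_dbname:

 $ mongo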
 MongoDB shell version v3.4.7
 connecting to: mongodb://127.0.0.1:27017
 MongoDB server version: 3.4.7
 Server has startup warnings:
 2018-01-22T10:32:18.027+0530 I CONTROL  [initandlisten]
 2018-01-22T10:32:18.027+0530 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
 2018-01-22T10:32:18.027+0530 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
 2018-01-22T10:32:18.027+0530 I CONTROL  [initandlisten]
 > use admin
 switched to db admin
 > db
 admin
 > db.auth("abhilash", "password!");
 1
 > use my_dbname;
 > db.createUser(
   {
     user: "vadmin",
     pwd: "pass111!",
     roles: [ { role: "readWrite", db: "my_dbname" },
              { role: "read", db: "test" } ]
   }
 ) 
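
A check for the restart in step 4, added here as an example and not part of the original post: it reads documents shaped like the output of db.serverCmdLineOpts() and db.adminCommand({ getLog: "startupWarnings" }) and reports whether access control is on and whether the data directory changed between the two starts. The function names accessControlState and checkRestart and the sample documents are assumptions made for the illustration.

```javascript
// Added example (not from the original post). Inputs have the shape of what
// db.serverCmdLineOpts() and db.adminCommand({ getLog: "startupWarnings" }) return.
const NO_AUTH_WARNING = "Access control is not enabled for the database";

function accessControlState(cmdLineOpts, startupWarnings) {
  const parsed = cmdLineOpts.parsed || {};
  const argv = cmdLineOpts.argv || [];
  const lines = (startupWarnings && startupWarnings.log) || [];
  return {
    // --auth and a config file's security.authorization both end up here.
    authEnabled: (parsed.security || {}).authorization === "enabled" ||
                 argv.includes("--auth"),
    // /data/db is the default the post gives when no dbpath is set.
    dbPath: (parsed.storage || {}).dbPath || "/data/db",
    warned: lines.some((line) => line.includes(NO_AUTH_WARNING)),
  };
}

// Compare the instance before and after the restart in step 4.
function checkRestart(before, after) {
  const findings = [];
  if (!after.authEnabled) findings.push("access control is still disabled");
  if (after.warned) findings.push("startup log still warns about unrestricted access");
  if (before.dbPath !== after.dbPath) {
    findings.push("dbPath changed from " + before.dbPath + " to " + after.dbPath +
      "; users created before the restart live in the old data directory");
  }
  return findings;
}

// Constructed sample documents, trimmed to the fields used above.
const before = accessControlState(
  { argv: ["mongod", "--port", "27017", "--dbpath", "/data/db1"],
    parsed: { net: { port: 27017 }, storage: { dbPath: "/data/db1" } } },
  { log: ["2018-01-22T10:32:18.027+0530 I CONTROL  [initandlisten] " +
          "** WARNING: Access control is not enabled for the database."] });
const sameDir = accessControlState(
  { argv: ["mongod", "--auth", "--port", "27017", "--dbpath", "/data/db1"],
    parsed: { net: { port: 27017 }, security: { authorization: "enabled" },
              storage: { dbPath: "/data/db1" } } },
  { log: [] });
const otherDir = accessControlState(
  { argv: ["mongod", "--auth", "--port", "27017", "--dbpath", "/usr/local/var/mongodb/db1"],
    parsed: { security: { authorization: "enabled" },
              storage: { dbPath: "/usr/local/var/mongodb/db1" } } },
  { log: [] });

console.log(checkRestart(before, sameDir));
console.log(checkRestart(before, otherDir));
```

An empty list means the restarted instance enforces authentication and still serves the data directory that holds the user created in step 3.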

Reference: MongoDB enable-authentication


Author: Abhilash
