Wednesday, January 13, 2016

MongoDB Security

By default, security and authentication are disabled. Create the administrator account before switching on authentication. Enter the console of the admin DB:
mongo admin

Add the administrator user:
db.createUser({user: "adminUserName", pwd: "adminUserPassword",
   roles: [ { role: "userAdminAnyDatabase", db: "admin" },
            { role: "readWriteAnyDatabase", db: "admin" },
            { role: "dbAdminAnyDatabase", db: "admin" } ]
})

Enable authentication by editing the "/etc/mongod.conf" file. Uncomment this line:
auth=true

Restart MongoDB. Enter the console of the admin DB and you'll find that you'll need to authenticate before performing any operations:
db.auth({user: "adminUserName",pwd:"adminUserPassword"})

Now you should be able to add a user for the app database containing your data, and make this user the owner of the app database:
db.createUser({user: "dbUserName",pwd:"dbUserPassword",
   roles: [ { role: "dbOwner", db: "dbName" }]
})
Note: this needs to be done inside the app database

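To enable remote login, comment out the "bind_ip" line in "/etc/mongod.conf". With "bind_ip" commented out, mongod listens on all network interfaces, so make sure authentication is enabled before doing this.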

Note: Steps tested on MongoDB 2.6.x
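
The end state of these steps can be checked from the config file itself. The shell function below is an added example, not part of the original post; it assumes the MongoDB 2.6 key=value format of "/etc/mongod.conf", and the function names, verdict words and sample file contents are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a MongoDB 2.6-style
# key=value mongod.conf for the two settings the post changes.

# conf_value FILE KEY: print the last uncommented value of KEY (empty if none).
conf_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# audit_mongod_conf FILE: print a verdict (hypothetical names) and return
#   0 OK              auth=true is active
#   1 NOAUTH_LOCAL    auth is off, but bind_ip limits mongod to loopback
#   2 NOAUTH_EXPOSED  auth is off and bind_ip is absent or non-loopback
audit_mongod_conf() {
    auth=$(conf_value "$1" auth)
    bind=$(conf_value "$1" bind_ip)
    if [ "$auth" = "true" ]; then
        echo OK
        return 0
    fi
    case "$bind" in
        127.0.0.1|localhost) echo NOAUTH_LOCAL; return 1 ;;
        *) echo NOAUTH_EXPOSED; return 2 ;;
    esac
}

# Constructed sample: bind_ip commented out while auth=true is still commented.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dbpath=/var/lib/mongodb
#bind_ip = 127.0.0.1
#auth=true
EOF
echo "sample verdict: $(audit_mongod_conf "$sample")"
rm -f "$sample"
```

A NOAUTH_EXPOSED verdict means the remote-login step was applied while the "auth=true" line is still commented out.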
