Adding an Authorized User to MongoDB


On 05-03-2015 code

There isn't a whole lot of information out there about how to add a username and password to your database in MongoDB. There is the documentation on MongoDB's website, but it just lists parameters and options rather than a step-by-step process. Security is a big part of web design, and the problem with most tutorials online is that, for the sake of speed or a beginner mentality, they skip over the security measures.

By default, MongoDB has authorization/authentication turned off. Adding an authorized user to your database in MongoDB is a bit different from other table-style databases, since MongoDB is all command-line interface. Here are the steps that I worked through from MongoDB's official site, broken down into real steps and not some "abstract" idea. Note that there are probably other ways of doing it, but this is how I worked it out.

First you want to set up a config file that you will pass to the MongoDB server at launch. I put my config file directly into the bin folder of my MongoDB install, since this is where the executables are for my installation (I am working on a Windows machine locally). The file should be named mongodb.config; if it doesn't already exist, go ahead and create it manually. Then you only need one line, auth = true, to turn on authorization/authentication.

auth = true
bind_ip = 127.0.0.1
port = 27017

I've added two other options in the config file. bind_ip sets the address mongod listens on; 127.0.0.1 is localhost, so only clients on the machine running the server instance can connect. You can also change the port number that MongoDB runs on, another good practice. There are other configurations you can drop in here if you would like. Searching around on Google, you will find a few other security-related items to put into your config file.
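A check for the config file described above, as an added example that is not part of the original post: a small Node.js script that parses the legacy key = value format and reports when auth is off or bind_ip is missing or reaches beyond localhost. The function names are illustrative, and treating a missing bind_ip as "all interfaces" assumes a MongoDB release older than 3.6.

```javascript
// Added example: audit a legacy "key = value" mongod config file.
// Function names and finding texts are illustrative, not part of MongoDB.

// Parse the INI-style format: one "key = value" per line, "#" starts a comment.
function parseMongoConfig(text) {
  const options = {};
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.replace(/#.*$/, "").trim();
    if (line === "") continue;
    const eq = line.indexOf("=");
    if (eq === -1) continue; // not a key = value line
    options[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return options;
}

// True for localhost, ::1 and anything in 127.0.0.0/8.
function isLoopback(address) {
  return address === "localhost" || address === "::1" ||
    /^127(\.\d{1,3}){3}$/.test(address);
}

// Return a list of findings; an empty list means the file passed both checks.
function auditMongoConfig(text) {
  const options = parseMongoConfig(text);
  const findings = [];
  if (options.auth !== "true") {
    findings.push("auth is not enabled: any client that can connect has full access");
  }
  if (options.bind_ip === undefined) {
    // Assumption: pre-3.6 mongod, which listens on all interfaces by default.
    findings.push("bind_ip is not set: assumed to listen on all interfaces");
  } else {
    const exposed = options.bind_ip.split(",").map((a) => a.trim())
      .filter((a) => a !== "" && !isLoopback(a));
    if (exposed.length > 0) {
      findings.push("bind_ip includes non-loopback address(es): " + exposed.join(", "));
    }
  }
  return findings;
}

// Constructed sample inputs: the config from this post and a weaker variant.
const hardenedConfig = "auth = true\nbind_ip = 127.0.0.1\nport = 27017\n";
const weakConfig = "# constructed sample\nport = 27017\nbind_ip = 127.0.0.1,0.0.0.0\n";

console.log(auditMongoConfig(hardenedConfig)); // no findings
console.log(auditMongoConfig(weakConfig));     // auth off, exposed bind_ip
```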

The next thing we want to do is create a username, password, and setup their user role.

Start your mongo database with the mongod command in your command line. Alternatively, you can launch it from the bin folder by clicking on the exe if you are on a Windows machine. Once your database server is running, enter the mongo interface by typing mongo in a separate command line window. Now you are talking to the database. Next, go into the database you will be using or want to set up authorization for.

use databasename

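Then type or copy this long string of code. It creates the user with the clusterAdmin and readAnyDatabase roles on the admin database plus readWrite on the current database. The two admin-database roles are broad; an account that only serves one application database needs just readWrite.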

db.createUser({"user" : "username","pwd": "password", "roles" : [{ role: "clusterAdmin", db: "admin" }, { role: "readAnyDatabase", db: "admin"},"readWrite"]},{w: "majority" , wtimeout: 5000})

After this you will need to stop your mongod, so just press Ctrl+C in the mongod window of the command line. Now you want to relaunch the database server, this time passing in the configuration file you created.

mongod --config /file/path/to/mongodb.config

Now you have auth=true running on this startup. Type mongo in a separate command line window (note that you generally have to cd into the bin folder of your MongoDB folder on your machine to get the mongo command to work). Next, navigate to the database you set the username and password on, “use databasename”.

db.auth("username", "password")

After you are authorized, you can run commands on the database, for example a query on one of its collections (collectionname is a placeholder).

db.collectionname.find()

Pretty straightforward once it gets broken down step by step. Hope this helps anyone out there looking for the same clear instructions that I was not able to find.

I will revisit this post in a second part and show you how you would use authorization in a real live application, completing the tutorial for a full-fledged step-by-step setup of authorization/authentication for your database with MongoDB.