MongoDB/Users: Difference between revisions
From charlesreid1
(→Flags) |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Main|MongoDB}} | |||
==Create Users and Enable Authentication== | ==Create Users and Enable Authentication== | ||
| Line 66: | Line 68: | ||
authorization: enabled | authorization: enabled | ||
</pre> | </pre> | ||
=Flags= | |||
[[Category:MongoDB]] | |||
[[Category:2018]] | |||
[[Category:February 2018]] | |||
Latest revision as of 20:21, 4 November 2018
Create Users and Enable Authentication
It is a good idea to set up users and user authentication to control access to the data in the database.
To create a system-wide mongodb user admin, create a user with the role userAdminAnyDatabase (no other roles!).
Start a mongo shell using the mongo command (run this from localhost, which will not require authentication to begin with, or using --noauth flag):
$ mongo >
Now you will run a few commands to create an admin user.
This creates a user "darthvader" with password "secretpass":
> use admin
> db.createUser(
{
user: "darthvader",
pwd: "secretpass",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
Now you can enable client access control.
List Users
Start up the mongo shell and tell it to use the admin database. Then use the show users command:
> use admin
> show users
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
Drop Users
To drop users:
> db.dropUser('admin')
true
Starting Mongo with Auth On
As per the mongodb documentation [1], to enable authorization you can either pass --auth when starting mongod or you can set security.authorization in the mongodb config file as follows:
security:
authorization: enabled