Mongo secure database - mongodb

I'mnew on mongo and I'm finding some diferencces with SQL database, I'have created a database and I have created an user this way
db.createUser(
{
user: "chatlearning",
pwd: "mypass",
roles: [ { role: "readWrite", db: "chatlearning" }]
}
)
But I can acces to the database with mongodb compass without introducing any login ingo , what do I have to avoid the access to the database to any other user that not intruces the login?

After creating user have you restarted the mongo server in auth mode?
Here the process to start the mongod with access control enabled.
If you start the mongod from the command line, add the --auth command line option:
mongod --auth --port 27017 --dbpath /var/lib/mongodb
If you start the mongod using a configuration file (/etc/mongod.conf), add the security.authorization configuration file setting:
security:
authorization: enabled

Related

MongoDB Compass Community: Databases are visible but their collections are not showing up after authentication

I created a default admin user with the following command in mongoshell:
use admin
db.createUser(
{
user: "root",
pwd: "root",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
Then I authenticated using the shell and my credentianls as following:
mongo --port 27017 -u "root" -p "root" --authenticationDatabase "admin"
In the shell I am able to see the users and version collections using:
> show dbs
admin 0.000GB
config 0.000GB
local 0.000GB
test 0.000GB
> use admin
switched to db admin
> show tables
system.users
system.version
>
Now when I try to access these tables from MongoDB Compass Community I first authenticate:
Now the admin database is showing up empty?
How can I access the users collection and the other collections from the graphic interface just as I did from the shell?
The reason why you cannot see the user collection and other collections is the userAdminAnyDatabase built-in role. By default It does not need the necessary rights to read those collections.
Try root or dbAdminAnyDatabase depends on your needs.
Cheers,
Resource:
https://docs.mongodb.com/manual/reference/built-in-roles/
In short : Use "root" in role instead of "userAdminAnyDatabase" and try again.
If use was set this config in "C:\Program Files\MongoDB\Server\4.4\bin\mongod.cfg"
security:
authorization: enabled
You need to comment these 2 line by insert # at start of lines.
Then restart service of "MongoDB Server (MongoDB)".
Open Cmd type these command line by line
mongo
use admin
db.grantRolesToUser('admin', [{ role: 'root', db: 'admin' }])
Then uncomment security and authorization in mongod.cfg and restart service "MongoDB Server (MongoDB)" again.
You can see how to create or update user role in this answer
Thanks Dan Dascalescu.
https://stackoverflow.com/a/29472184/4418749

See / change local username and password for MongoDB?

Ive downloaded a project using MongoDB and im having trouble getting set up. From the terminal where ive run mongod I see this error:
2017-05-26T14:51:22.908+0800 I ACCESS [conn21] SCRAM-SHA-1 authentication failed for user on wesbostest from client 127.0.0.1:51653 ; UserNotFound: Could not find user user#wesbostest
From my npm start terminal mongoose logs out this error: Authentication failed.
My environment file has this line:
DATABASE=mongodb://user:pass#localhost:27017/wesbostest
Ive got MongoDB Compass installed. It successfully connects with these settings:
Hostname: localhost
Port: 27017
Authentication: None
SSL: Off
SSH Tunnel: Off
So I think the user:pass part of the environment file is wrong? How can I see what local username and password are and/or set them if no authentication is set up?
I solved this by setting a username and password for MongoDB:
MongoDB what are the default user and password?
Procedure
Start MongoDB without access control.
mongod --port 27017 --dbpath /data/db1
Connect to the instance.
mongo --port 27017
Create the user administrator.
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
Re-start the MongoDB instance with access control.
mongod --auth --port 27017 --dbpath /data/db1
Authenticate as the user administrator.
mongo --port 27017 -u "myUserAdmin" -p "abc123" \
--authenticationDatabase "admin"

MongoDB: Server has startup warnings ''Access control is not enabled for the database''

I firstly installed MongoDB 3.4.1 today. But when I start it and use MongoDB shell, it gave me these warnings below:
C:\Users\hs>"C:\Program Files\MongoDB\Server\3.4\bin\mongo.exe
MongoDB shell version v3.4.1
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.1
Server has startup warnings:
2017-01-12T21:19:46.941+0800 I CONTROL [initandlisten]
2017-01-12T21:19:46.942+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2017-01-12T21:19:46.942+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2017-01-12T21:19:46.942+0800 I CONTROL [initandlisten]
my computer is Microsoft Windows [version 10.0.14393].
Mongodb v3.4
You need to do the following to create a secure database:
Make sure the user starting the process has permissions and that the directories exist (/data/db in this case).
1) Start MongoDB without access control.
mongod --port 27017 --dbpath /data/db
2) Connect to the instance.
mongo --port 27017
3) Create the user administrator (in the admin authentication database).
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
4) Re-start the MongoDB instance with access control.
mongod --auth --port 27017 --dbpath /data/db
5) Connect and authenticate as the user administrator.
mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
6) Create additional users as needed for your deployment (e.g. in the test authentication database).
use test
db.createUser(
{
user: "myTester",
pwd: "xyz123",
roles: [ { role: "readWrite", db: "test" },
{ role: "read", db: "reporting" } ]
}
)
7) Connect and authenticate as myTester.
mongo --port 27017 -u "myTester" -p "xyz123" --authenticationDatabase "test"
I basically just explained the short version of the official docs here: https://docs.mongodb.com/master/tutorial/enable-authentication/
OMG, what a gas plant, that top answer!
All you need to do is to:
Edit your config, e.g. C:\Program Files\MongoDB\Server\4.4\bin\mongodb.cfg
Turn the security: authorization: to enabled, as illustrated; note that this sub-entry may be missing completely. Just add it then.
Restart your MongoDB Server service from the Windows Services control panel.
Obviously, if, following this, set up a read/readWrite role-based policy, that will make much more sense.
Ref: https://docs.mongodb.com/manual/tutorial/configure-scram-client-authentication/
I've just tested this using phpunit, works as expected.
you can create an admin user or another role.
run it on mongo shell.
db.createUser({user: "username", pwd: "password", roles: ["dbAdmin"]})
if you get SCRAM-SHA-256error you can set the SHA-1 mechanism.
db.createUser({user: "username", pwd: "password", roles: ["dbAdmin"], mechanisms: ["SCRAM-SHA-1"]})
You need to delete your old db folder and recreate new one. It will resolve your issue.

authentication with mongo shard

I am setting up a Mongo test shard and would like to use Mongo user authentication with it. I have added the user on the config server(s). I am not certain if I need to add the same user on all the shards as well. I am assuming I do not need to add the user on the query router (mongos). However, when I simply add the user on the config server (via the Mongo shell), I can authenticate if I stay in the shell. However, as soon as I log out of the shell and log back in, I am unable to log back in with the same credentials. The shard servers do have a data directory associated with them as does the config server. Any ideas on how to troubleshoot this further?
Creating user
db.createUser( { user: "test",
pwd: "testPassword",
roles: [ { role: "clusterAdmin", db: "admin" },
{ role: "readAnyDatabase", db: "admin" },
"readWrite"] },
{ w: "majority" , wtimeout: 5000 } )
authenticating
db.auth("test", "testPassword")
I did specify a data directory for the config server (running on port 27019, not 27017 & the data directory has the correct permissions for the mongo process).
mongod --configsvr --dbpath /var/lib/mongodb3 --port 27019
Once the mongo cluster is properly setup (query router connected to config server and shards with replica sets & config serers/shards writing to disk), I was able to simply add the user via the query router and get authentication working with a Mongo Java driver

Mongo DB Authentication 3.0.4

I am having an issue with mongo db 3.0.4 that randomly started happening today. The authentication stopped working randomly without any user action on our part. Our setup is easy. One application, one database. I take the application out of the equation and I still get the same result. Here are the steps I am taking. Reinstalled mongo and pointed the logpath and dbpath to a new folder to start from scratch.
Create the config file.
logpath=c:\data\logs\mongod.log
dbpath=c:\data\db
Log in to mongo shell and run this command.
db.createUser({user: "admin",pwd: "admin", roles: [ { role: "userAdminAnyDatabase", db: "admin" }]})
Add the auth=true in the config file.
auth=true
Restart the mongodb service.
Start up mongo shell with
mongo -u admin -p admin --authenticationDatabase admin
Then I get the Error 18 Authentication failed.
I am really lost for words. Any help would be greatly appreciated.
Thanks
i think user doesn't have efficient privileges. try with this role.
use admin
{user:"admin",pwd:"admin",roles:["root"]}
Before create the user, you need to change the db and create it in admin db.
Disable auth
Enter to mongo shell
Change db to admin ('use admin')
now create the user.
Enable the auth again (with auth or mongodb-keyfile)
Enter mongo shell with:
mongo -u admin -p admin --authenticationDatabase admin