Open the mongod.conf file in a text editor with superuser privileges. You can use nano, vim, or any other text editor of your choice. Here’s how to do it with nano:
sudo nano /etc/mongod.conf
Add or update the following lines to enable authorization:
security:
authorization: enabledSave the file and exit the text editor. For nano, you can save and exit by pressing CTRL + X, then Y, and then ENTER.
After updating the configuration file, restart the MongoDB service to apply the changes:
sudo systemctl restart mongod
This command opens the MongoDB shell (mongosh) and connects to MongoDB running on port 27017. Since no authentication credentials are provided, it assumes that access control is not yet enabled.
mongosh --port 27017
This command switches the current database context to the admin database. The admin database is special in MongoDB and is used for administrative tasks, including user management.
use admin
db.createUser(
{
user: "superAdmin",
pwd: passwordPrompt(), // This will prompt the user to enter a password securely
roles: [
{ role: "userAdminAnyDatabase", db: "admin" },
{ role: "readWriteAnyDatabase", db: "admin" }
]
}
)
This command creates a new user named superAdmin with administrative privileges. The passwordPrompt() function securely prompts the user to enter a password. The roles assigned to this user are:
- userAdminAnyDatabase: Allows the user to manage users across all databases.
- readWriteAnyDatabase: Allows the user to read and write data in any database.
exit
This command opens the MongoDB shell again, but this time it connects using the superAdmin user created earlier. The --authenticationDatabase "admin" option specifies that the user's credentials should be authenticated against the admin database. The -u and -p options provide the username and prompt for the password, respectively.
mongosh --port 27017 --authenticationDatabase "admin" -u "superAdmin" -p
This command switches the current database context to your_db_name, which is the database for which you want to create a new user.
user your_db_name
db.createUser(
{
user: "yourUsername",
pwd: passwordPrompt(), // This will prompt the user to enter a password securely
roles: [ { role: "readWrite", db: "your_db_name" } ]
}
)
This command creates a new user named yourUsername with read and write privileges on your_db_name. The passwordPrompt() function securely prompts the user to enter a password.
This command grants the readWrite role on your_db_name to yourUsername. This role allows the user to read and write data in your_db_name.
db.grantRolesToUser("yourUsername", [ { role: "readWrite", db: "your_db_name" }] );
exit
This command checks the status of the MongoDB service. It uses systemctl, which is a system and service manager for Linux operating systems. The mongod service is the primary daemon process for MongoDB.
sudo systemctl status mongod
This command restarts the MongoDB service. Restarting the service is often necessary to apply configuration changes, such as enabling authentication.
sudo systemctl restart mongod
By following these commands, you can set up and manage users in MongoDB with appropriate roles and privileges. This ensures secure access to your MongoDB databases.