How to Enable Authentication in MongoDB Instance

How to Enable Authentication in MongoDB

Enabling authentication in MongoDB ensures that only authorized users can perform operations on your MongoDB instance. By default, MongoDB does not enable authentication, which means anyone can connect to the database and perform actions. Enabling authentication is a critical step for securing your MongoDB server.

Here’s a step-by-step guide on how to enable authentication in MongoDB.

1. Edit MongoDB Configuration File

1. Locate the MongoDB Configuration File
   The MongoDB configuration file is usually named mongod.conf. The location depends on your operating system and how MongoDB was installed:

   • Linux (Ubuntu/Debian): /etc/mongod.conf
   • macOS (Homebrew): /usr/local/etc/mongod.conf
   • Windows: C:\Program Files\MongoDB\Server\{version}\bin\mongod.cfg

2. Edit the MongoDB Configuration File
   Open the mongod.conf file in a text editor.

   For example, on Linux, you can use nano:

   sudo nano /etc/mongod.conf
   

3. Enable Authentication
   In the mongod.conf file, find the security section. If it doesn’t exist, you can add it:

   security:
     authorization: "enabled"
   

   This will enable authentication, meaning users will have to authenticate with a username and password to perform any actions on the MongoDB instance.

4. Save and Exit
   Save the changes to the configuration file and exit the text editor (e.g., in nano, press CTRL + X, then press Y to confirm, and Enter to save).

2. Restart MongoDB Instance

For the changes to take effect, restart the MongoDB service.

• On Linux (systemd):

  sudo systemctl restart mongod
  

• On macOS (Homebrew):

  brew services restart mongodb
  

• On Windows: Restart the MongoDB service from the Services manager or run the following in the Command Prompt (run as Administrator):

  net stop MongoDB
  net start MongoDB
  

3. Create the First Admin User

Once authentication is enabled, the MongoDB instance will require users to authenticate. However, before creating normal users, you must create the admin user (or root user) with full privileges. You will need to authenticate as the admin user to create other users.

A. Connect to MongoDB without Authentication (Initial Access)

1. Open the MongoDB shell:

   mongosh
   

2. Switch to the admin database:

   use admin
   

B. Create the Admin User

Run the following command to create an admin user with root privileges:

db.createUser({
   user: "admin",
   pwd: "password123",   // Replace with a secure password
   roles: [ { role: "root", db: "admin" } ]
});

This will create an admin user with full access to the MongoDB instance.

C. Exit the Shell

Exit the shell:

exit

4. Authenticate with the Admin User

Now that authentication is enabled, you need to authenticate with the admin user.

1. Connect to the MongoDB instance using the mongosh shell and provide the username and password:

   mongosh --username admin --password --authenticationDatabase admin
   

2. After authenticating successfully, you can perform administrative tasks, create other users, and assign roles.

5. Create Application Users (Optional)

You can now create additional users with different roles for your applications.

A. Create a New User with Specific Roles

For example, to create a user for accessing a specific database with readWrite access:

1. Connect to MongoDB as an admin user:

   mongosh --username admin --password --authenticationDatabase admin
   

2. Switch to the desired database:

   use blogDB
   

3. Create a new user for the blogDB database:

   db.createUser({
      user: "appUser",
      pwd: "userPassword123",  // Replace with a secure password
      roles: [ { role: "readWrite", db: "blogDB" } ]
   });
   

This user will have readWrite access to the blogDB database.

6. Verify Authentication

To verify authentication, try accessing MongoDB without providing credentials. It should deny access:

mongosh

You should see an authentication error:

Error: Authentication failed.

Then, connect again with authentication:

mongosh --username admin --password --authenticationDatabase admin

7. Optional: Secure MongoDB with SSL

To further enhance security, you can enable SSL (TLS) encryption for MongoDB to encrypt communication between clients and servers. This is an optional step for securing your MongoDB instance.

8. Summary

• Enabled Authentication in MongoDB by modifying the mongod.conf file and setting authorization: "enabled".
• Created the first admin user to manage the instance and other users.
• Connected with authentication to access and manage MongoDB.
• Created additional users with specific roles for accessing databases.

Enabling authentication is crucial for securing your MongoDB instance, especially when it's exposed to a network or the internet. Would you like more information on user roles or securing MongoDB further? 🚀