MongoDB is a popular NoSQL database known for its flexibility, scalability, and performance. When setting up MongoDB, it’s essential to follow best practices for security, such as creating users with specific roles and privileges.
Step 1: Installing and Running MongoDB
Before we dive into user management, please ensure that MongoDB is installed and running. You can check MongoDB’s official documentation for installation guides specific to your operating system: MongoDB Installation Documentation.
Once MongoDB is installed, start the MongoDB service:
sudo systemctl start mongodOr, run MongoDB manually:
mongod --dbpath /path/to/your/data/directoryStep 2: Create a New Database in MongoDB
MongoDB databases are created implicitly when you perform a write operation. Let’s create a new database called “myapp-db”.
Open the MongoDB shell:
mongoshSwitch to the new database (MongoDB will create the database when we perform the first write):
use myapp-dbInsert a sample document to ensure the database is created:
db.users.insertOne({ name: "sam smith", email: "[email protected]" })Now you have a new database(myapp-db) and added a collection of users with a sample document.
Step 3: Create a New Database User with Specific Privileges
MongoDB allows you to create users and assign roles to restrict access and operations within specific databases. Lets create a user(myappuser) who has both read and write acess to the database “myapp-db”.
Switch to database “myapp-db”
use myapp-dbCreate the new user with readwrite role:
db.createUser({
user: "myappuser",
pwd: "securepassword", // Replace with a strong password
roles: [{ role: "readWrite", db: "myapp-db" }]
})Replace “securepassword” with a strong password for the user.
Testing the New User
To ensure the new user works correctly, log out of the current MongoDB session and log in as “myappuser”:
mongosh --username myappuser --password myappsecurepassword --authenticationDatabase myapp-dbReplace “myappsecurepassword” with password created for the user.
Once logged in, try to perform read and write operations to verify the user’s permissions:
use myapp-db
db.users.insertOne({ name: "John smith", email: "[email protected]" }) // Should succeed
db.users.find() // Should display documentsCreate a Root User for Administrative Control
For full administrative control over your MongoDB instance, it’s crucial to create a root user. The root user has access to all databases and operations.
Switch to the admin database, which is the default place for creating administrative users:
use adminCreate the root user:
db.createUser({
user: "root",
pwd: "rootsecurepassword", // Replace with a strong password
roles: [{ role: "root", db: "admin" }]
})Replace “rootsecurepassword” with a strong password for the admin user.
The root role grants full access to all databases and operations in MongoDB.
If MongoDB authentication is not enabled, anyone can connect to your MongoDB instance without credentials, which poses a significant security risk. To enable authentication:
Edit the MongoDB configuration file (mongod.conf):
sudo nano /etc/mongod.confLook for the security section and add the following:
security:
authorization: enabledRestart the MongoDB service:
sudo systemctl restart mongodTesting Root User Access
mongosh --username root --password rootsecurepassword --authenticationDatabase adminOnce logged in, you can perform administrative operations across all databases:
use myapp-db
db.dropDatabase() // Drop the database as rootThe root user has full control over the MongoDB instance.