Thursday, August 8, 2019

How to enable authorization in Mongodb

Before you enable authorization make sure you create a root user. So then you can take care of all your admin activities.

 mongo
MongoDB shell version v3.6.13
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("a68a42c6-bafe-4855-8e4f-12cd19403bb2") }
MongoDB server version: 3.6.13
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
        http://docs.mongodb.org/
Questions? Try the support group
        http://groups.google.com/group/mongodb-user
Server has startup warnings:
2019-08-08T12:25:19.569+0000 I CONTROL  [initandlisten]
2019-08-08T12:25:19.569+0000 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2019-08-08T12:25:19.569+0000 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2019-08-08T12:25:19.569+0000 I CONTROL  [initandlisten]
2019-08-08T12:25:19.570+0000 I CONTROL  [initandlisten]
2019-08-08T12:25:19.570+0000 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2019-08-08T12:25:19.570+0000 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2019-08-08T12:25:19.570+0000 I CONTROL  [initandlisten]
2019-08-08T12:25:19.570+0000 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2019-08-08T12:25:19.570+0000 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2019-08-08T12:25:19.570+0000 I CONTROL  [initandlisten]

> use admin
switched to db admin
> db.createUser(
...   {
...     user: "mongo-root",
...     pwd: "passw0rd",
...     roles: [ { role: "root", db: "admin" } ]
...   }
... )
Successfully added user: {
        "user" : "mongo-root",
        "roles" : [
                {
                        "role" : "root",
                        "db" : "admin"
                }
        ]
}
> db.createUser(
...   {
...     user: "mongo-admin",
...     pwd: "passw0rd",
...     roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
...   }
... )
Successfully added user: {
        "user" : "mongo-admin",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                }
        ]
}
> exit

I have created 2 users. One root and other userAdminAnyDatabase

sudo systemctl stop mongod

sudo vi /etc/mongod.com  -- add below parameters

+++++++++++++++++++++++++++
security:
  authorization: "enabled"
++++++++++++++++++++++++++++++

sudo systemctl start mongod

[mongod@sikki4u1c RS1]$ mongo -u mongo-admin -p passw0rd
MongoDB shell version v3.6.13
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("830fdb23-1b2d-45a2-9b8d-4e4dc88d8c41") }
MongoDB server version: 3.6.13
> show dbs
admin   0.000GB
config  0.000GB
local   0.000GB
>


Thanks




posted by Ashish Francis @ August 08, 2019   0 Comments

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home