Once MongoDB is installed on Ubuntu, it is important to take some steps to secure the database. The first step is to create an admin user for the database. This user will have full control over the database and can perform all tasks, including creating and deleting databases and collections.
It is important to enable authentication for the MongoDB database. This will require users to enter a username and password in order to access the database. Without authentication enabled, anyone with access to the server would be able to view and modify the data in the database.
In this blog post, you will learn to secure MongoDB databases by enabling user authentication.
Create an Admin User
In the first place, we will create a user (in this case, it’s an admin) for managing all users and databases and then we will create a specific database owner having only read and write privileges on one MongoDB database instance.
Create an admin user on your MongoDB server to manage all users and databases. Connect to Mongo shell and switch to the admin database and create a user.
use admindb.createUser({ "user":"admin", "pwd":"admin_password", "roles":[ { "role":"userAdminAnyDatabase", "db":"admin" } ] })
Verify the authentication, run command on Mongo shell:
db.auth("admin", "admin_password")
The result “1” is for the successful authentication.
Create Database Specific User
Next, create a user for your application database. Select your database using the “use” command and then create a user with the following commands. You need to change the database name, username, and password to the below commands.
use mydbdb.createUser({ "user":"db_user", "pwd":"your_password", "roles":[ { "role":"dbOwner", "db":"mydb" } ] })
Verify the authentication, run command on Mongo shell:
db.auth("db_user", "your_password")
The result “1” is for the successful authentication.
Enabling Authentication on MongoDB
You have successfully created a user for your database. Now, toggle the authorization setting to enforce authentication. To enable the authentication on the MongoDB instance, Edit /etc/mongod.conf file in your favorite text editor.
sudo vim /etc/mongod.conf
Add/Edit the below lines to the configuration file
security:
authorization: enabled
Save your file and close.
Then restart the MongoDB instance to apply the changes.
sudo systemctl restart mongod
All done!
Conclusion
You have secured your MongoDB server by enabling proper authentication on databases. MongoDB will reject all requests without authentication. Its also recommended to restrict Mongodb port 27017 via a firewall, whether it is provided by the cloud hosting or the system’s inbuild firewall.