I want to set up user name & password authentication for my MongoDB instance, so that any remote access will ask for the user name & password. I tried the tutorial from the MongoDB site and did following:

use admin
db.addUser('theadmin', '12345');
db.auth('theadmin','12345');

After that, I exited and ran mongo again. And I don't need password to access it. Even if I connect to the database remotely, I am not prompted for user name & password.

---

UPDATE Here is the solution I ended up using

1) At the mongo command line, set the administrator:

   开发者_StackOverflow中文版 use admin;
    db.addUser('admin','123456');

2) Shutdown the server and exit

    db.shutdownServer();
    exit

3) Restart mongod with --auth

  $ sudo ./mongodb/bin/mongod --auth --dbpath /mnt/db/

4) Run mongo again in 2 ways:

   i) run mongo first then login:

        $ ./mongodb/bin/mongo localhost:27017
        use admin
        db.auth('admin','123456');

  ii) run & login to mongo in command line.

        $ ./mongodb/bin/mongo localhost:27017/admin -u admin -p 123456

The username & password will work the same way for mongodump and mongoexport.

---

You need to start mongod with the --auth option after setting up the user.

From the MongoDB Site:

Run the database (mongod process) with the --auth option to enable security. You must either have added a user to the admin db before starting the server with --auth, or add the first user from the localhost interface.

MongoDB Authentication

---

Wow so many complicated/confusing answers here.

This is as of v3.4.

Short answer.

1. Start MongoDB without access control (/data/db or where your db is).

   mongod --dbpath /data/db
   

2. Connect to the instance.

   mongo
   

3. Create the user.

   use some_db
   db.createUser(
     {
       user: "myNormalUser",
       pwd: "xyz123",
       roles: [ { role: "readWrite", db: "some_db" },
                { role: "read", db: "some_other_db" } ]
     }
   )
   

4. Stop the MongoDB instance and start it again with access control.

   mongod --auth --dbpath /data/db
   

5. Connect and authenticate as the user.

   use some_db
   db.auth("myNormalUser", "xyz123")
   db.foo.insert({x:1})
   use some_other_db
   db.foo.find({})
   

Long answer: Read this if you want to properly understand.

It's really simple. I'll dumb the following down https://docs.mongodb.com/manual/tutorial/enable-authentication/

If you want to learn more about what the roles actually do read more here: https://docs.mongodb.com/manual/reference/built-in-roles/

1. Start MongoDB without access control.

   mongod --dbpath /data/db
   

2. Connect to the instance.

   mongo
   

3. Create the user administrator. The following creates a user administrator in the admin authentication database. The user is a dbOwner over the some_db database and NOT over the admin database, this is important to remember.

   use admin
   db.createUser(
     {
       user: "myDbOwner",
       pwd: "abc123",
       roles: [ { role: "dbOwner", db: "some_db" } ]
     }
   )
   

Or if you want to create an admin which is admin over any database:

   use admin
   db.createUser(
     {
       user: "myUserAdmin",
       pwd: "abc123",
       roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
     }
   )

4. Stop the MongoDB instance and start it again with access control.

   mongod --auth --dbpath /data/db
   

5. Connect and authenticate as the user administrator towards the admin authentication database, NOT towards the some_db authentication database. The user administrator was created in the admin authentication database, the user does not exist in the some_db authentication database.

   use admin
   db.auth("myDbOwner", "abc123")
   

You are now authenticated as a dbOwner over the some_db database. So now if you wish to read/write/do stuff directly towards the some_db database you can change to it.

use some_db
//...do stuff like db.foo.insert({x:1})
// remember that the user administrator had dbOwner rights so the user may write/read, if you create a user with userAdmin they will not be able to read/write for example.

More on roles: https://docs.mongodb.com/manual/reference/built-in-roles/

If you wish to make additional users which aren't user administrators and which are just normal users continue reading below.

6. Create a normal user. This user will be created in the some_db authentication database down below.

   use some_db
   db.createUser(
     {
       user: "myNormalUser",
       pwd: "xyz123",
       roles: [ { role: "readWrite", db: "some_db" },
                { role: "read", db: "some_other_db" } ]
     }
   )
   

7. Exit the mongo shell, re-connect, authenticate as the user.

   use some_db
   db.auth("myNormalUser", "xyz123")
   db.foo.insert({x:1})
   use some_other_db
   db.foo.find({})
   

Last but not least due to users not reading the commands I posted correctly regarding the --auth flag, you can set this value in the configuration file for mongoDB if you do not wish to set it as a flag.

---

First, un-comment the line that starts with #auth=true in your mongod configuration file (default path /etc/mongod.conf). This will enable authentication for mongodb.

Then, restart mongodb : sudo service mongod restart

---

This answer is for Mongo 3.2.1 Reference

Terminal 1:

$ mongod --auth

Terminal 2:

db.createUser({user:"admin_name", pwd:"1234",roles:["readWrite","dbAdmin"]})

if you want to add without roles (optional):

db.createUser({user:"admin_name", pwd:"1234", roles:[]})

to check if authenticated or not:

db.auth("admin_name", "1234")

it should give you:

1

else :

Error: Authentication failed.
0

---

Here is a javascript code to add users.

1. Start mongod with --auth = true

2. Access admin database from mongo shell and pass the javascript file.

   mongo admin "Filename.js"

   "Filename.js"

   // Adding admin user
   db.addUser("admin_username", " admin_password");
   // Authenticate admin user
   db.auth("admin_username ", " admin_password ");
   // use  database code from java script
   db = db.getSiblingDB("newDatabase");
   // Adding newDatabase database user  
   db.addUser("database_username ", " database_ password ");
   

3. Now user addition is complete, we can verify accessing the database from mongo shell

---

https://docs.mongodb.com/manual/reference/configuration-options/#security.authorization

Edit the mongo settings file;

sudo nano /etc/mongod.conf

Add the line:

security.authorization : enabled

Restart the service

sudo service mongod restart

Regards

---

You could change /etc/mongod.conf.

Before

#security:

After

security:
    authorization: "enabled"

Then sudo service mongod restart

---

First run mongoDB on terminal using

mongod

now run mongo shell use following commands

    use admin
db.createUser(
  {
    user: "myUserAdmin",
    pwd: "abc123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)

Re-start the MongoDB instance with access control.

mongod --auth

Now authenticate yourself from the command line using

mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"

I read it from

https://docs.mongodb.com/manual/tutorial/enable-authentication/

---

This is what I did on Ubuntu 18.04:

$ sudo apt install mongodb
$ mongo
> show dbs
> use admin
> db.createUser({  user: "root",  pwd: "rootpw",  roles: [ "root" ]  })  // root user can do anything
> use lefa
> db.lefa.save( {name:"test"} )
> db.lefa.find()
> show dbs
> db.createUser({  user: "lefa",  pwd: "lefapw",  roles: [ { role: "dbOwner", db: "lefa" } ]  }) // admin of a db
> exit
$ sudo vim /etc/mongodb.conf
auth = true
$ sudo systemctl restart mongodb
$ mongo -u "root" -p "rootpw" --authenticationDatabase  "admin"
> use admin
> exit
$ mongo -u "lefa" -p "lefapw" --authenticationDatabase  "lefa"
> use lefa
> exit

---

User creation with password for a specific database to secure database access :

use dbName

db.createUser(
   {
     user: "dbUser",
     pwd: "dbPassword",
     roles: [ "readWrite", "dbAdmin" ]
   }
)

---

Follow the below steps in order

• Create a user using the CLI

use admin
db.createUser(
  {
    user: "admin",
    pwd: "admin123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
  }
)

• Enable authentication, how you do it differs based on your OS, if you are using windows you can simply mongod --auth in case of linux you can edit the /etc/mongod.conf file to add security.authorization : enabled and then restart the mongd service
• To connect via cli mongo -u "admin" -p "admin123" --authenticationDatabase "admin". That's it

You can check out this post to go into more details and to learn connecting to it using mongoose.

---

This is what i did for ubuntu 20.04 and mongodb enterprise 4.4.2:

1. start mongo shell by typing mongo in terminal.

2. use admin database:

use admin

3. create a new user and assign your intended role:

use admin
db.createUser(
  {
    user: "myUserAdmin",
    pwd: passwordPrompt(), // or cleartext password
    roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
  }
)

4. exit mongo and add the following line to etc/mongod.conf:

security:
    authorization: enabled

5. restart mongodb server

(optional) 6.If you want your user to have root access you can either specify it when creating your user like:

db.createUser(
  {
    user: "myUserAdmin",
    pwd: passwordPrompt(), // or cleartext password
    roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]
  }
)

or you can change user role using:

db.grantRolesToUser('admin', [{ role: 'root', db: 'admin' }])

---

Some of the answers are sending mixed signals between using --auth command line flag or setting config file property.

security:
  authorization: enabled

I would like to clarify that aspect. First of all, authentication credentials (ie user/password) in both cases has to be created by executing db.createUser query on the default admin database. Once credentials are obtained, there are two ways to enable authentication:

1. Without a custom config file: This is when the former auth flag is applicable. Start mongod like: usr/bin/mongod --auth
2. With a custom config file: This is when the latter configs has to be present in the custom config file.Start mongod like: usr/bin/mongod --config <config file path>

To connect to the mongo shell with authentication: mongo -u <user> -p <password> --authenticationDatabase admin

--authenticationDatabase here is the database name where the user was created. All other mongo commands like mongorestore, mongodump accept the additional options ie -u <user> -p <password> --authenticationDatabase admin

Refer to https://docs.mongodb.com/manual/tutorial/enable-authentication/ for details.

---

The best practice to connect to mongoDB as follow:

1. After initial installation,

   use admin

2. Then run the following script to create admin user

    db.createUser(
     {
         user: "YourUserName",
         pwd: "YourPassword",
         roles: [
                   { role: "userAdminAnyDatabase", db: "admin" },
                   { role: "readWriteAnyDatabase", db: "admin" },
                   { role: "dbAdminAnyDatabase", db: "admin" },
                   { role: "clusterAdmin", db: "admin" }
                ]
     })

the following script will create the admin user for the DB.

3. log into the db.admin using

   mongo -u YourUserName -p YourPassword admin

4. After login, you can create N number of the database with same admin credential or different by repeating the 1 to 3.

This allows you to create different user and password for the different collection you creating in the MongoDB

---

These steps worked on me:

1. write mongod --port 27017 on cmd
2. then connect to mongo shell : mongo --port 27017
3. create the user admin : use admin db.createUser( { user: "myUserAdmin", pwd: "abc123", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } )
4. disconnect mongo shell
5. restart the mongodb : mongod --auth --port 27017
6. start mongo shell : mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
7. To authenticate after connecting, Connect the mongo shell to the mongod: mongo --port 27017
8. switch to the authentication database : use admin db.auth("myUserAdmin", "abc123"

---

You'll need to switch to the database you want the user on (not the admin db) ...

use mydatabase

See this post for more help ... https://web.archive.org/web/20140316031938/http://learnmongo.com/posts/quick-tip-mongodb-users/

---

mongodb 4.4.13 community

1. create database user

use admin
db.createUser(
  {
    user: "myUserAdmin",
    pwd: "abc123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)

1.2 verify working

> db.auth('myUserAdmin','abc123')

< { ok: 1 }

if it fails you get

> db.auth('myUserAdmin','amongus')

MongoServerError: Authentication failed.

2. modify /etc/mongod.conf

nano /etc/mongod.conf

change:

#security:

to:

security:
  authorization: enabled

3. restart mongod service

sudo service mongod restart

this is what worked for me.

---

after you create new user, please don't forget to grant read/write/root permission to the user. you can try the

cmd: db.grantRolesToUser('yourNewUsername',[{ role: "root", db: "admin" }])

---

Many duplicate answers but I think they miss an important note:

Even when authentication is enabled properly you can connect to the Mongo database without username/password!

However, you can execute only harmless commands like db.help(), db.getMongo(), db.listCommands(), etc.

$ mongo 
MongoDB shell version v4.4.3
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("f662858b-8658-4e33-a735-120e3639c131") }
MongoDB server version: 4.4.3
mongos> db.getMongo()
connection to 127.0.0.1:27017
mongos> db
test
mongos> db.version()
4.4.3
mongos> db.runCommand({connectionStatus : 1})
{
        "authInfo" : {
                "authenticatedUsers" : [ ],
                "authenticatedUserRoles" : [ ]
        },
        "ok" : 1,
        "operationTime" : Timestamp(1618996970, 2),
        "$clusterTime" : {
                "clusterTime" : Timestamp(1618996970, 2),
                "signature" : {
                        "hash" : BinData(0,"Kre9jvnJvsW+OVCl1QC+eKSBbbY="),
                        "keyId" : NumberLong("6944343118355365892")
                }
        }
}

---

I have done this in version 6.0 how to set user name and password for a database;

install MongoDB 6.0 or higher create database(whatever the name may be) in MongoDB using compass

install MongoDB Shell https://www.mongodb.com/try/download/shell

open cmd

cd C:\Program Files\mongosh

mongosh "mongodb://localhost:27017"

use #your database name#

db.createUser( { user: "xxx", pwd: "xxx", roles: [ { role: "readWrite", db: "xxx" } ] } )