Not able to enable authentication in mongoDB

[Vaneet Gupta]

Hi All, 

I have Ubuntu 12.04.1 LTS on which mongo 2.4.3 version is installed. I have uncomment the auth in /etc/mongodb.conf file. After that login into mongo shell, use DB, then db.addUser({user: "readonly", pwd: "readonly", roles: ["readOnly:true"]}) 

Also 

db.addUser("abc","abc")

but when I try to login mongo -u readonly -p readonly DB, db.test.insert("x:1") , it is writting in the database.

Can anyone help me out ?

[Asya Kamsky]

Did you restart the mongod process?  Changed the start-up parameters in the config file only take effect when you start mongod with the latest version of the file - it's not read dynamically while mongod is running, only at start-up.

[Vaneet Gupta]

Hi Asya, 

I did restart the mongoDB serveral times. But it didn't work. Authentication is working.

Readonly user is able to write anything.

[Michael Grundy]

Hi Vaneet -

You're in localhost auth bypass mode. This mode is available so you can start the server in auth mode and then start adding users. It turns off automatically after the first user is added to the admin database. Since it looks like you added your user to the test database, the override is still available. Here are some options:

If you connect to mongod by the external interface (not localhost), auth will be in effect:

mongo -u readonly -p readonly DB, db.test.insert("x:1") --host $(hostname)

You can start mongod with enableLocalhostAuthBypass explicitly disabled to prevent the bypass:

mongod --auth --setParameter enableLocalhostAuthBypass=0 .....

I think the best practice is to set up a user with at least the userAdminAnyDatabase role in the admin database. This user will be able to add users to any database on the server. Many people ask about creating a so-called super user. Here is an example that creates a user with permission to add users, admin databases, r/w access to any database and cluster admin privileges (clusterAdmin is needed to run show dbs)

db.system.users.insert( {"roles" : [ "dbAdminAnyDatabase", "userAdminAnyDatabase", "clusterAdmin", "readWriteAnyDatabase" ], "pwd":"somepassword", "user" : "dbadmin"})

Hope that helps!

Mike

[Vaneet Gupta]

Thanks , I will try this. 

Will it work for every mongoDB version. Currently I am using mongo-2.4.2 version.

Regards

Vaneet Gupta

+919953019061

--
--
You received this message because you are subscribed to the Google
Groups "mongodb-user" group.
To post to this group, send email to mongod...@googlegroups.com
To unsubscribe from this group, send email to
mongodb-user...@googlegroups.com
See also the IRC channel -- freenode.net#mongodb
 
---
You received this message because you are subscribed to a topic in the Google Groups "mongodb-user" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/mongodb-user/mT2QX7gJIbU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to mongodb-user...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Vaneet Gupta]

Thanks Mike, 

I will try it. Will it work for every mongoDB version ? Currently I am using mongo-2.4.2.

[Michael Grundy]

Yes, that will work with 2.4.2. Those directions will work with any revision of MongoDB 2.4