Wednesday, May 16, 2018

Security Basic Setup – Standalone



In this example we create a root user who has full access.

1. Start MongoDB without access control.

Start the mongod instance without access control

Config file

net:
  port: 27019
processManagement:
  fork: true
storage:
  dbPath: /data/sand/data
systemLog:
  destination: file
  logAppend: true
  logRotate: rename
  path: /data/sand/logs/mongod.log

# mongod -f /data/sand/conf/mongod.conf



2. Connect to the instance

Connect a mongo shell to the instance.

# mongo --port 27019


3. Create the user administrator.

In the admin database, create a user with the root privileges.

# use admin
db.createUser(
  {
    user: "admin",
    pwd: "admin",
    roles: [ { role: "root", db: "admin" } ]
  }
)


4. Re-start the MongoDB instance with access control.

Re-start the mongod instance with the --auth command line option or, if using a configuration file, the security.authorization setting.

security:
   authorization: enabled

Configuration File

net:
  port: 27019
processManagement:
  fork: true
security:
   authorization: enabled
storage:
  dbPath: /data/sand/data
systemLog:
  destination: file
  logAppend: true
  logRotate: rename
  path: /data/sand/logs/mongod.log

Change the config file entry and restart the instance:

# mongo admin --port 27019 --eval "db.shutdownServer()"
# mongod -f /data/sand/conf/mongod.conf


5. Connect and authenticate as the user administrator.

To authenticate during connection

# mongo --port 27019 -u "admin" -p "admin" --authenticationDatabase "admin" --quiet


To authenticate after connecting

# mongo --port 27019 --quiet

When you don’t authenticate, you will get an error like this

# use admin
# db.auth("admin","admin")


6. Create additional users as needed for your deployment.

Create a user who will have read and write privileges to test database and only read privilege to reporting database.

# use test
db.createUser(
  {
    user: "myTester",
    pwd: "xyz123",
    roles: [ { role: "readWrite", db: "test" },
             { role: "read", db: "reporting" } ]
  }
)


7. Connect and authenticate as myTester.

To authenticate during connection

# mongo --port 27019 -u "myTester" -p "xyz123" --authenticationDatabase "test"

To authenticate after connecting

# mongo --port 27019
# use test
# db.auth("myTester", "xyz123" )

Insert into a collection as myTester.

As myTester, you have privileges to perform read and write operations in the test database (as well as perform read operations in the reporting database).

# db.foo.insert( { x: 1, y: 1 } )


Done :)
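
A check for step 4, added here as an example (not part of the original post): it reads a mongod YAML config and reports whether security.authorization is enabled, run against constructed, trimmed copies of the step 1 and step 4 files. The function names auth_setting and check_auth and the temp-file layout are assumptions of this example.

```bash
# Added example, not from the original post: audit mongod.conf for access control.

# Print the value of security.authorization, or "unset" when the key is absent.
auth_setting() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }                       # blank line or comment
    /^[^ \t]/ { in_sec = ($1 == "security:"); next }    # a new top-level section
    in_sec && $1 == "authorization:" { val = $2; gsub(/"/, "", val) }
    END { print (val == "" ? "unset" : val) }
  ' "$1"
}

# Return 0 only when access control is on; mongod defaults to disabled when unset.
check_auth() {
  state=$(auth_setting "$1")
  if [ "$state" = "enabled" ]; then
    echo "OK   $1 (security.authorization: enabled)"
  else
    echo "FAIL $1 (security.authorization: $state)"
    return 1
  fi
}

# Constructed sample input: trimmed copies of the step 1 and step 4 config files.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/step1.conf" <<'EOF'
net:
  port: 27019
storage:
  dbPath: /data/sand/data
EOF
cat > "$SAMPLES/step4.conf" <<'EOF'
net:
  port: 27019
security:
   authorization: enabled
storage:
  dbPath: /data/sand/data
EOF
# A commented-out setting must not be reported as enabled.
cat > "$SAMPLES/commented.conf" <<'EOF'
security:
#   authorization: enabled
EOF

for f in "$SAMPLES"/*.conf; do check_auth "$f" || true; done
```

To check the live file from this page, run check_auth /data/sand/conf/mongod.conf after the restart in step 4.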








