Problem
Without authentication enabled, anyone who can reach the MongoDB port can access the database.
Solution
- Add user authentication.
Steps:
- Connect to the mongo shell
~# mongosh
Current Mongosh Log ID: 64657d9a0cae00f542c4e761
Connecting to: mongodb://127.0.0.1:27017/?directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+1.8.2
Using MongoDB: 6.0.5
Using Mongosh: 1.8.2
- Switch to admin
test> use admin
switched to db admin
admin>
- Create a new user: in this case the username is mongo and the password is my_super_secretive_password.
admin> db.createUser({user:"mongo", pwd:"my_super_secretive_password", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]})
{ ok: 1 }
Then exit the mongo shell with the exit command.
- Enable authentication by editing mongod.conf
sudo nano /etc/mongod.conf
- Uncomment the security block
security:
  authorization: enabled
- Restart the service
sudo systemctl restart mongod
- Now log in to the mongo shell with the new username and password
root@acf2:~# mongosh -u mongo -p
Enter password: ************
Current Mongosh Log ID: 64657f7b98afe7736f95d84d
Connecting to: mongodb://<credentials>@127.0.0.1:27017/?directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+1.8.2
Using MongoDB: 6.0.5
Using Mongosh: 1.8.2
For mongosh info see: https://docs.mongodb.com/mongodb-shell/
test> use admin
switched to db admin
admin> show dbs
admin 180.00 KiB
config 108.00 KiB
local 72.00 KiB
Or you could log in with mongosh and auth later
root@acf2:~# mongosh
Current Mongosh Log ID: 6465823259eb6286af4e1afa
Connecting to: mongodb://127.0.0.1:27017/?directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+1.8.2
Using MongoDB: 6.0.5
Using Mongosh: 1.8.2
For mongosh info see: https://docs.mongodb.com/mongodb-shell/
test> use admin
switched to db admin
admin> show dbs
MongoServerError: command listDatabases requires authentication
admin> db.auth('mongo', 'my_super_secretive_password')
{ ok: 1 }
admin> show dbs
admin 180.00 KiB
config 108.00 KiB
local 72.00 KiB
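As an added check (not part of the original post), the script below audits a mongod.conf for the security.authorization setting from the steps above, so a block left commented out or an authorization line that lost its indentation is caught before the restart is trusted. The function name check_mongod_auth and the sample configs are constructed for illustration, and block-style YAML is assumed.

```shell
#!/bin/sh
# Added example; check_mongod_auth is a hypothetical helper, not a MongoDB tool.
# Assumes block-style YAML, as in the security block shown in the steps above.
# Prints enabled | disabled | missing | unreadable; returns 0 only for enabled.
check_mongod_auth() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    result=$(awk '
        /^[ \t]*#/ { next }                 # full-line comment, e.g. "#security:"
        /^[ \t]*$/ { next }                 # blank line
        /^[^ \t]/ {                         # column 0 starts a new top-level key
            in_sec = ($0 ~ /^security:[ \t]*(#.*)?$/)
            next
        }
        in_sec && /^[ \t]+authorization:/ { # nested key under security:
            val = $0
            sub(/^[ \t]+authorization:[ \t]*/, "", val)
            sub(/[ \t]+#.*$/, "", val)      # strip trailing comment
            sub(/[ \t]+$/, "", val)         # strip trailing whitespace
            gsub(/"/, "", val)
            state = (val == "enabled") ? "enabled" : "disabled"
        }
        END { print (state == "" ? "missing" : state) }
    ' "$conf")
    echo "$result"
    [ "$result" = "enabled" ]
}

# Constructed sample configs (not from a real host): the security block still
# commented out, the corrected file, and a flattened (unindented) edit.
tmp=$(mktemp -d)
printf '%s\n' 'net:' '  port: 27017' '#security:' > "$tmp/commented.conf"
printf '%s\n' 'net:' '  port: 27017' 'security:' '  authorization: enabled' > "$tmp/fixed.conf"
printf '%s\n' 'security:' 'authorization: enabled' > "$tmp/flat.conf"
for name in commented fixed flat; do
    printf '%s.conf: ' "$name"
    check_mongod_auth "$tmp/$name.conf" || true
done
rm -rf "$tmp"
```

On a real host, point the function at /etc/mongod.conf; the non-zero exit status makes it usable as a gate in a provisioning script.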
User Management
- To list the users
admin> db.getUsers()
{
users: [
{
_id: 'admin.admin',
userId: new UUID("5d370140-9b81-4831-971d-0c6bbeb73915"),
user: 'admin',
db: 'admin',
roles: [ { role: 'root', db: 'admin' } ],
mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
},
{
_id: 'admin.mongo',
userId: new UUID("06de247e-5195-4eac-92de-1cec3737a962"),
user: 'mongo',
db: 'admin',
roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ],
mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
}
],
ok: 1
}
- Grant more roles
admin> db.grantRolesToUser("mongo", [{role: "readWrite", db: "products"} ])
- Get/add/drop indexes on a collection for faster queries
products> show collections
products_20210301
test1
products> db.products_20210301.find().count()
867024
products> db.products_20210301.findOne()
{
_id: ObjectId("645b3a381613d08f9fea7a52"),
namespace: 0,
title: '!',
text: '#redirect 느낌표\n',
contributors: [ 'r:hoon12560', 'namubot' ]
}
products> db.products_20210301.createIndex({title: 'text'})
products> db.products_20210301.dropIndex('title_text')
{ nIndexesWas: 2, ok: 1 }
products> db.products_20210301.getIndexes()
[ { v: 2, key: { _id: 1 }, name: '_id_' } ]
products> db.products_20210301.createIndex({"title":1}, {"unique":true})