Problem
If the MongoDB port is exposed, anyone can access the database.
Solution
- Add user authentication.
Steps:
- Refer to the MongoDB cheat sheet.
- Connect to the MongoDB shell
~# mongosh
Current Mongosh Log ID: 64657d9a0cae00f542c4e761
Connecting to: mongodb://127.0.0.1:27017/?directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+1.8.2
Using MongoDB: 6.0.5
Using Mongosh: 1.8.2
- Switch to the admin database
test> use admin
switched to db admin
admin>
- Create a new user: in this example the user name is mongo and the password is my_super_secretive_password.
admin> db.createUser({user:"mongo", pwd:"my_super_secretive_password", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]})
{ ok: 1 }
Then exit the mongo shell with the exit command.
- Edit the mongod.conf file to enable authentication
sudo nano /etc/mongod.conf
Uncomment the security block
security:
  authorization: enabled
- Restart the service
sudo systemctl restart mongod
- Now log in to the mongo shell with the new user name and password
root@acf2:~# mongosh -u mongo -p
Enter password: ************
Current Mongosh Log ID: 64657f7b98afe7736f95d84d
Connecting to: mongodb://<credentials>@127.0.0.1:27017/?directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+1.8.2
Using MongoDB: 6.0.5
Using Mongosh: 1.8.2
For mongosh info see: https://docs.mongodb.com/mongodb-shell/
test> use admin
switched to db admin
admin> show dbs
admin 180.00 KiB
config 108.00 KiB
local 72.00 KiB
root@acf2:~# mongosh
Current Mongosh Log ID: 6465823259eb6286af4e1afa
Connecting to: mongodb://127.0.0.1:27017/?directConnection=true&serverSelectionTimeoutMS=2000&appName=mongosh+1.8.2
Using MongoDB: 6.0.5
Using Mongosh: 1.8.2
For mongosh info see: https://docs.mongodb.com/mongodb-shell/
test> use admin
switched to db admin
admin> show dbs
MongoServerError: command listDatabases requires authentication
admin> db.auth('mongo', 'my_super_secretive_password')
{ ok: 1 }
admin> show dbs
admin 180.00 KiB
config 108.00 KiB
local 72.00 KiB
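A check for the mongod.conf edit in the steps above, as an added example that is not part of the original page: it reports whether authorization: enabled is actually nested under an uncommented security: block, which catches a block that is still commented out or a line that lost its indent. The function names and sample file contents are constructed for illustration, and block-style YAML is assumed.

```shell
#!/bin/sh
# Added example (not from the original page): audit a mongod.conf for the
# security.authorization setting. Assumes block-style YAML.

# Print the effective value: "enabled", "disabled", or "missing".
auth_state() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments such as "#security:" and blank lines
        /^[^ \t]/ {                         # any key at column 0 opens a new top-level block
            in_sec = ($0 ~ /^security:[ \t]*(#.*)?$/)
            next
        }
        in_sec && /^[ \t]+authorization:/ {
            v = $0
            sub(/^[ \t]+authorization:[ \t]*/, "", v)
            sub(/[ \t]*(#.*)?$/, "", v)     # drop trailing spaces or comment
            gsub(/"/, "", v)                # drop optional double quotes
            state = v
        }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# Exit status 0 only when authentication is enforced.
auth_enforced() {
    [ "$(auth_state "$1")" = "enabled" ]
}

# Constructed sample: a config with the security block still commented out.
demo=$(mktemp)
printf '%s\n' 'net:' '  port: 27017' '#security:' '#  authorization: enabled' > "$demo"
echo "before edit: $(auth_state "$demo")"
# The same constructed file after the edit described in the steps.
printf '%s\n' 'net:' '  port: 27017' 'security:' '  authorization: enabled' > "$demo"
echo "after edit:  $(auth_state "$demo")"
rm -f "$demo"
```

Run auth_enforced /etc/mongod.conf before restarting the service; a non-zero exit status means the restart would leave the instance without enforced authentication.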
User Management
- List users
admin> db.getUsers()
{
users: [
{
_id: 'admin.admin',
userId: new UUID("5d370140-9b81-4831-971d-0c6bbeb73915"),
user: 'admin',
db: 'admin',
roles: [ { role: 'root', db: 'admin' } ],
mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
},
{
_id: 'admin.mongo',
userId: new UUID("06de247e-5195-4eac-92de-1cec3737a962"),
user: 'mongo',
db: 'admin',
roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ],
mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
}
],
ok: 1
}
- Grant additional privileges
admin> db.grantRolesToUser("mongo", [{role: "readWrite", db: "products"} ])
- View/add/drop indexes on documents for faster queries
products> show collections
products_20210301
test1
products> db.products_20210301.find().count()
867024
products> db.products_20210301.findOne()
{
_id: ObjectId("645b3a381613d08f9fea7a52"),
namespace: 0,
title: '!',
text: '#redirect 느낌표\n',
contributors: [ 'r:hoon12560', 'namubot' ]
}
products> db.products_20210301.createIndex({title: 'text'})
products> db.products_20210301.dropIndex('title_text')
{ nIndexesWas: 2, ok: 1 }
products> db.products_20210301.getIndexes()
[ { v: 2, key: { _id: 1 }, name: '_id_' } ]
products> db.products_20210301.createIndex({"title":1}, {"unique":true})