In this article, we will see how to create users in MongoDB and use them to authenticate to each database with MongoDB's auth setting enabled. We will start with some general rules associated with user authentication in MongoDB.
The MongoDB statements given in this article were tested in Mongo shell 2.2.2.
General Rules
- Users are created per database
- There are two types of users: normal users and read only users. A normal user has both read and write permissions in a database, including the user creation privilege. A read only user has only read permission in a database.
- “admin” database is a unique database in MongoDB. A normal user in “admin” database will be a normal user in all the other databases. A read only user in “admin” will be a read only user in all the other databases.
- In every database, user credentials are stored in the collection system.users
- The value of “auth” variable in mongodb.conf should be true. This will be false by default.
- There should be at least one user in “admin” database to start authentication.
Enabling “auth” in MongoDB
- Open the MongoDB configuration file, namely “mongodb.conf”, and uncomment the line auth = true
- Restart the MongoDB service [ In Ubuntu: $ sudo service mongodb restart ]
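The two preconditions above (auth = true in mongodb.conf, and at least one user in “admin”) can be checked mechanically. The following is an added example, not part of the original article; the sample configuration text, the function names, and the "last active line wins" handling are assumptions made for illustration.

```python
import re

# Constructed sample: the relevant part of an old-style (key = value) mongodb.conf
SAMPLE_CONF = """\
dbpath = /var/lib/mongodb
# Turn on/off security.  Off is currently the default
#noauth = true
#auth = true
"""

_SETTING = re.compile(r"^(auth|noauth)\s*=\s*(\S+)$", re.IGNORECASE)


def auth_setting(conf_text):
    """Effective 'auth' value (True/False), or None if neither key is active."""
    value = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#auth = true' is a comment, not a setting
        match = _SETTING.match(line)
        if match:
            enabled = match.group(2).lower() == "true"
            # 'noauth = true' means auth off; assumption: the last active line wins
            value = enabled if match.group(1).lower() == "auth" else not enabled
    return value


def enforcement_status(conf_text, admin_user_count):
    """Apply the article's two preconditions for authentication to take effect."""
    if auth_setting(conf_text) is not True:
        return "OPEN: auth is not enabled in mongodb.conf"
    if admin_user_count < 1:
        return "OPEN: auth = true, but the admin database has no user yet"
    return "ENFORCED"


if __name__ == "__main__":
    print(enforcement_status(SAMPLE_CONF, 0))       # line still commented out
    fixed = SAMPLE_CONF.replace("#auth = true", "auth = true")
    print(enforcement_status(fixed, 0))             # enabled, but no admin user
    print(enforcement_status(fixed, 1))             # both preconditions met
```

The admin user count would come from db.system.users.count() run in the “admin” database.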
Creating user in MongoDB
In MongoDB, users are created per database. So for creating a user in a database, open that database and enter the command db.addUser() as given below.
Syntax
db.addUser(username, password[, readOnly=false])
Example : Creating a normal user with user name “admw” and password “admw” in admin database
> use admin
switched to db admin
> db.addUser("admw","admw",false)
{ "user" : "admw", "readOnly" : false, "pwd" : "78d7dec6bd1dc3980f372c8a03aa8138", "_id" : ObjectId("50d3b6013f87248a73eaa891") }
In the above example, we have created a user “admw” in the “admin” database. The “admin” database is a special database: a user created in it has access to all the other databases with the same user type.
Also, user authentication starts working if and only if there exists at least one user in the “admin” database.
Authenticating a user or Login into a MongoDB database
Syntax
db.auth(username, password)
Example
In the above step, we have created a user “admw” in “admin” database. Now let us see how to authenticate “admw” to the database “admin”
> db.auth("admw","admw")
1
Listing existing users in a MongoDB database
Method 1 : Using “show users”
> show users
{ "_id" : ObjectId("50d3bb32b4dda56024bb14cb"), "user" : "admw", "readOnly" : false, "pwd" : "78d7dec6bd1dc3980f372c8a03aa8138" }
Method 2 : From the collection “system.users”
> db.system.users.find()
{ "_id" : ObjectId("50d3bb32b4dda56024bb14cb"), "user" : "admw", "readOnly" : false, "pwd" : "78d7dec6bd1dc3980f372c8a03aa8138" }
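The “pwd” field listed above is not a salted hash: in MongoDB 2.x, db.addUser() stores the hex MD5 of "user:mongo:password", so the same user name and password always produce the same value. The following added example (not from the original article) audits exported system.users documents for passwords equal to the user name and for the same credentials reused in several databases; the sample documents, database names, and function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict


def mongodb_cr_digest(user, password):
    """Value MongoDB 2.x stores in system.users 'pwd': unsalted MD5 hex digest."""
    return hashlib.md5(f"{user}:mongo:{password}".encode("utf-8")).hexdigest()


def audit(users_by_db, banned=()):
    """users_by_db maps a database name to its system.users documents.

    Returns (database(s), user, finding) tuples for weak or reused credentials.
    """
    findings = []
    seen = defaultdict(list)  # (user, pwd) -> databases holding that exact pair
    for db_name, docs in users_by_db.items():
        for doc in docs:
            seen[(doc["user"], doc["pwd"])].append(db_name)
            # Candidates: the user name itself plus an optional banned-password list
            for guess in (doc["user"], *banned):
                if mongodb_cr_digest(doc["user"], guess) == doc["pwd"]:
                    findings.append((db_name, doc["user"], "password is guessable"))
                    break
    for (user, _pwd), dbs in seen.items():
        if len(dbs) > 1:  # identical digest means identical password
            findings.append((",".join(sorted(dbs)), user,
                             "same password in several databases"))
    return findings


# Constructed sample shaped like system.users documents (not real data)
_LONG = "constructed-long-passphrase-1"
SAMPLE = {
    "admin": [{"user": "ops", "readOnly": False,
               "pwd": mongodb_cr_digest("ops", "ops")}],
    "university": [{"user": "reader", "readOnly": True,
                    "pwd": mongodb_cr_digest("reader", _LONG)}],
    "library": [{"user": "reader", "readOnly": True,
                 "pwd": mongodb_cr_digest("reader", _LONG)}],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Every user created in this article has a password equal to its user name, which is the first case the audit reports.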
Logout from MongoDB
Syntax
db.logout()
Example
> db.logout()
{ "ok" : 1 }
User authentication in action
Now let us open “university” database
> use university
switched to db university
List all collections using “show collections”
> show collections
Fri Dec 21 07:58:55 uncaught exception: error: { "$err" : "unauthorized db:university ns:university.system.namespaces lock type:1 client:127.0.0.1", "code" : 10057 }
// Since user is logged out in the above step
Authenticate user “admw” to access “university” database
> use admin
switched to db admin
> db.auth("admw","admw")
1
> use university
switched to db university
> show collections
students
system.indexes
system.users
Create a new user “admu” for the database “university”
> db.addUser("admu","admu")
{ "user" : "admu", "readOnly" : false, "pwd" : "ff4963bf7301227297746a4d7ce30b73", "_id" : ObjectId("50d3cc1b44b9b77036a69ae3") }
Logout user “admw”
> db.logout()
{ "ok" : 1 }
Login with user name “admu” to access university
> db.auth("admu","admu")
1
List all collections using “show collections” as the user “admu”
> show collections
students
system.indexes
system.users
Changing Password of user “admu” in “university” database
> db.addUser("admu","new_pass")
{ "_id" : ObjectId("50d3cc1b44b9b77036a69ae3"), "user" : "admu", "readOnly" : false, "pwd" : "5a69f08821bbdbb36124b6fea13980fc" }
Creating a read only user namely “admr” in “university” database
> db.addUser("admr","admr",true)
{ "user" : "admr", "readOnly" : true, "pwd" : "bccc6b404efa27044056654cb2973af8", "_id" : ObjectId("50d3d37044b9b77036a69ae4") }
// Normal users can create new users. Here admu is a normal user
Logout user “admu”
>db.logout()
Login with user name “admr” to access university
> db.auth("admr","admr")
1
List all collections using “show collections” as the user “admr”
> show collections
students
system.indexes
system.users
Creating a new collection namely “employees” in “university” database by user “admr”
> db.createCollection("employees")
{ "ok" : 1 }
Inserting a new document into “employees” collection by user “admr”
> db.employees.insert({name:"Akash",department:"CS"})
unauthorized
// Since admr is a read only user

I am George Mathew, working as software architect and Android app developer at wptrafficanalyzer.in