Professional Documents
Culture Documents
06 Seguridad Mongodb
06 Seguridad Mongodb
06 Seguridad Mongodb
Databases
Security
Ubuntu
MongoDB
NoSQL
Ubuntu 20.04
By Mark Drake
Manager, Developer Education
English
An earlier version of this tutorial was written by Melissa Anderson.
Introduction
Prerequisites
To complete this tutorial, you will need the following:
1. mongo
2.
Copy
There will be some output above the Mongo shell prompt. Because
you haven’t yet enabled authentication, this will include a warning that
access control isn’t enabled for the database and that read and write
access to data and and the database’s configuration are unrestricted:
Output
. . .
. . .
>
These warnings will disappear after you enable authentication, but for
now they mean anyone who can access your Ubuntu server could also
take control over your database.
1. show dbs
2.
Copy
Output
admin 0.000GB
config 0.000GB
local 0.000GB
1. use admin
2.
Copy
Output
switched to db admin
Initiate the db.createUser method:
1. db.createUser(
2.
Copy
This method requires you to specify a username and password for the
user, as well as any roles you want the user to have. Recall that
MongoDB stores its data in JSON-like documents. As such, when you
create a new user, all you’re doing is creating a document to hold the
appropriate user data as individual fields.
1. {
2.
Copy
1. user: "AdminSammy",
2.
Copy
1. pwd: "password",
2.
Copy
Then enter the roles you want your administrative user to have.
Because you’re creating an administrative user, at a minimum you
should grant them the userAdminAnyDatabase role over
the admin database. This will allow the administrative user to create
and modify new users and roles. Because the administrative user has
this role in the admin database, this will also grant it superuser access
to the entire cluster.
1. }
2.
Copy
1. )
2.
Copy
> db.createUser(
... {
... }
... )
If each line’s syntax is correct, the method will execute properly and
you’ll be prompted to enter a password:
Output
Enter password:
Output
"user" : "AdminSammy",
"roles" : [
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
"readWriteAnyDatabase"
1. exit
2.
Copy
Open the configuration file with your preferred text editor. Here, we’ll
use nano:
#security:
#operationProfiling:
. . .
security:
#operationProfiling:
. . .
security:
authorization: enabled
. . .
After adding these lines, save and close the file. If you used nano to
open the file, do so by pressing CTRL + X, Y, then ENTER.
Then restart the daemon to put these new changes into effect:
Next, check the service’s status to make sure that it restarted correctly:
Output
Docs: https://docs.mongodb.org/manual
Memory: 170.1M
CGroup: /system.slice/mongod.service
└─15370 /usr/bin/mongod --config /etc/mongod.conf
Having verified the daemon is back up and running, you can test that
the authentication setting you added works as expected.
1. mongo
2.
Copy
Output
>
1. show dbs
2.
Copy
Recall from Step 1 that there are at least a few default databases on
your server. However, in this case the command won’t have any output
because you haven’t authenticated as a privileged user.
Because this command doesn’t return any information, it’s safe to say
the authentication setting is working as expected. You also won’t be
able to create users or perform other privileged tasks without first
authenticating.
1. exit
2.
Copy
Enter the user’s password when prompted, and then you’ll be dropped
into the shell. Once there, try issuing the show dbs command again:
1. show dbs
2.
Copy
Output
admin 0.000GB
config 0.000GB
local 0.000GB
Conclusion
By completing this guide, you’ve set up an administrative MongoDB
user which you can employ to create and modify new users and roles,
and otherwise manage your MongoDB instance. You also configured
your MongoDB instance to require that users authenticate with a valid
username and password before they can interact with any data.
Also, if you plan to interact with your MongoDB instance remotely, you
can follow our guide on How To Configure Remote Access for
MongoDB on Ubuntu 20.04.