mongo aut

Quick Tip: Using Users in MongoDB

 

By default a MongoDB install does not use a username/password combination to access the database.

No Password, But Why?

This is down to MongoDB’s design philosophy, which is to push much of the “logic” to the application level and keep the database doing what databases do best! Hence, given the way that MongoDB is normally used, it’s generally not necessary.

In a SQL environment you might have multiple users with multiple groups and schemas to lock down different levels of the database, tables, views, stored procedures, etc. …

The idea of this is, of course, to 1) protect data from unauthorized modification or deletion and 2) limit the tug o’ war between users by clearly defining their rights.

So, you can give the accounting department different privileges than the marketing department, or give root access to the developers (of course).

Conversely, MongoDB’s design philosophy would (generally) pass these over to the application itself to handle.

I Don’t Care, I Still Want Passwords!

No worries, if the idea of no users/passwords keeps you up at night, you can still have them!

MongoDB (currently) supports users on the database level with both “read/write” and “read only” options.

You can see all the users in a database in the system.users collection …

> use mydatabase
> db.system.users.find()

Creating MongoDB Users

Adding a new user is fairly straightforward …

Read/Write User

$ ./mongo
> use mydatabase
> db.addUser("admin", "Sup3rG00dP@azzword")

This creates a read/write user for the database mydatabase (you can choose any username you wish.)

This user will be “good for” this database alone.

Read Only User

> db.addUser("web", "prettyGoodPass", true)

The “true” parameter there makes the user read only (great for parts of the application code that you want to make sure never accidentally perform a write operation).

Using A User: Authenticate

To “log in” as a user you’ll need to authenticate; simply use …

> db.auth("admin", "Sup3rG00dP@azzword")

You can also authenticate via the command line using the mongo parameters below …

  -u [ --username ] arg username for authentication
  -p [ --password ] arg password for authentication

Changing Passwords

To change the password simply run the addUser command again with a new password.

> db.addUser("web", "wayGooderPass", true)

Delete a User

To remove a user you need to remove the corresponding document for that user in the system.users collection.

> db.system.users.remove({"user" : "web"});

Set MongoDB to Force Authentication

To force MongoDB to use authentication you’ll need to add the --auth parameter to MongoDB at startup (so you would need to restart).

If you are using an unauthorized user you’ll get an error something like …

error: { "$err" : "unauthorized for db [mydatabase] lock type: -1 " }

If you have a read only user and attempt a write operation you’ll simply get back …

unauthorized

Lastly, if you try to use a user that doesn’t have read/write privileges on the admin database …

So, if you try to do something like list the available databases on the server ( > show dbs ) you’ll get an error too, and you’ll need to make sure you switch to an account with read/write privileges in admin.
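
The checks this post implies can be run over an inventory of a server's startup arguments and its per-database users. The following is an added example, not code from the original post: the inventory shape and the function name are hypothetical, and it assumes that the documents in system.users carry a boolean `readOnly` field next to `user`.

```javascript
// Added example (not from the original post). Assumptions: the inventory
// object shape below, and a boolean `readOnly` field on each user document.
function auditMongoAuth(instance) {
  const findings = [];
  const perDb = Object.entries(instance.users);

  // Users only restrict access when mongod was started with --auth.
  const authOn = instance.startupArgs.includes("--auth");
  const userCount = perDb.reduce((n, [, users]) => n + users.length, 0);
  if (!authOn) {
    findings.push(userCount > 0
      ? "users are defined but mongod runs without --auth, so they are not enforced"
      : "mongod runs without --auth and no users are defined");
  }

  // With --auth on, server-wide commands such as `show dbs` need a
  // read/write user in the admin database.
  const adminRw = (instance.users.admin || []).some((u) => !u.readOnly);
  if (authOn && !adminRw) {
    findings.push("no read/write user in admin: server-wide commands will be unauthorized");
  }

  // Per database: flag databases where every account is allowed to write.
  for (const [db, users] of perDb) {
    if (db === "admin" || users.length === 0) continue;
    if (users.every((u) => !u.readOnly)) {
      findings.push(db + ": every user is read/write, add a read-only user for read paths");
    }
  }
  return findings;
}

// Constructed sample inventory (not real data): users exist, but --auth is absent.
const sampleInstance = {
  startupArgs: ["--dbpath", "/data/db"],
  users: { mydatabase: [{ user: "admin", readOnly: false }] },
};

console.log(auditMongoAuth(sampleInstance));
```
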
