Enable Authentication on MongoDB

Deployment Type:

Author: MongoDB Documentation Team

This guide describes how to enable authentication on your local MongoDB instance.

Time required: 10 minutes

What You’ll Need

Check Your Environment

Ensure that your MongoDB instance is running.

To make sure that your MongoDB instance is running on Windows, run the following command from the Windows command prompt:

tasklist /FI "IMAGENAME eq mongod.exe"

If a mongod.exe instance is running, you will see something like:

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
mongod.exe                    8716 Console                    1      9,508 K

To make sure your MongoDB instance is running on mac, run the following command from your terminal:

ps -e | grep 'mongod'

If a mongod instance is running, you will see something like:

89780 ttys026    0:53.48 ./mongod

To make sure your MongoDB instance is running on linux, run the following command from your terminal:

ps -e| grep 'mongod'

If a mongod instance is running, you will see something like:

89780 ttys026    0:53.48 ./mongod

Procedure

1

Find the mongo Shell

The mongo shell is packaged with the MongoDB Server Community and Enterprise distributions, and is also available for users of Atlas as a client-only download.

MongoDB binaries are located in a directory that starts with “mongodb-“. You should see a file named mongo, which is the shell executable.

If you do not have mongo shell installed, follow the install directions for your environment.

Download the latest stable version for your environment.

After downloading, click on the downloaded .msi file. The Windows Installer will guide you through the installation.

Download the latest stable version for your environment.

Double click the tgz file to untar the file.

Download the latest stable version for your environment.

Extract the tar file and locate the mongo executable under the bin directory of your install root.

tar -xvzf <tgz file>
2

Connect to your MongoDB instance

Select the operating system platform on which you are running the MongoDB client you have selected.

Note

If you are running your mongod instance with the default host (localhost) and port (27017), you can leave those parameters out when running mongo shell.

mongo.exe --host <HOSTNAME> --port <PORT>
mongo --host <HOSTNAME> --port <PORT>
mongo --host <HOSTNAME> --port <PORT>
3

Switch to the admin Database

use admin;
4

Create the user administrator

db.createUser(
  {
    user: "myUserAdmin",
    pwd: "abc123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)
5

Create a user for reading and writing to your test database

It is a good idea to keep your admin user credentials separate from users that will read and write to the databases on a regular basis.

In this step, create a user that you will use throughout the guides for reading and writing test data.

db.createUser(
  {
    user: "userreadwrite",
    pwd: "abc123",
    roles: [ { role: "readWriteAnyDatabase", db: "admin" } ]
  }
)
6

Check whether your users have been added

Run show users to see if your users were created.

show users

You should see output similar to the following:

{
  "_id" : "admin.myUserAdmin",
  "user" : "myUserAdmin",
  "db" : "admin",
  "roles" : [
    {
      "role" : "userAdminAnyDatabase",
      "db" : "admin"
    }
  ],
  "mechanisms" : [
    "SCRAM-SHA-1",
    "SCRAM-SHA-256"
  ]
}
{
  "_id" : "admin.userreadwrite",
  "user" : "userreadwrite",
  "db" : "admin",
  "roles" : [
    {
      "role" : "readWriteAnyDatabase",
      "db" : "admin"
    }
  ],
  "mechanisms" : [
    "SCRAM-SHA-1",
    "SCRAM-SHA-256"
  ]
}
7

Exit the mongo shell

Use Ctrl-C to exit the mongo shell.

8

Re-start your MongoDB instance with access control enabled

To restart MongoDB, run mongod.exe with the --auth setting.

"C:\Program Files\MongoDB\Server\4.0\bin\mongod.exe" --dbpath "d:\test\mongo db data" --auth

This starts the main MongoDB database process. The waiting for connections message in the console output indicates that the mongod.exe process is running successfully.

To restart MongoDB with authentication, run the mongod process at the system prompt. If necessary, specify the path of the mongod or the data directory. See the following examples.

If you do not use the default data directory (i.e., /data/db), specify the path to the data directory using the –dbpath flag.

mongod --dbpath <path to data directory> --auth

To restart MongoDB with authentication, run the mongod process at the system prompt. If necessary, specify the path of the mongod or the data directory. See the following examples.

If you do not use the default data directory (i.e., /data/db), specify the path to the data directory using the –dbpath flag.

mongod --dbpath <path to data directory> --auth

Summary

If you have successfully completed this guide you have enabled basic authentication on your local MongoDB instance.

What’s Next

The next guide walks you through connecting to your new MongoDB instance.