20 December 2011

MongoDB and Authentication

By default, MongoDB allows access to the database without authentication. Adding a user with a username/password is easy, but authenticating might be a bit tricky since the official documentation does not say the command directly.
First, we add an admin account. Navigate to the MongoDB directory on your machine then start the database.
$ ./mongo
> use admin
> db.addUser(adminuser, adminpassword)
Switch to the database of your choice and add users to it.
> use foo
> db.addUser(myuser, userpassword)
This adds a user myuser that has read and write access to the database. If we want a user with read-only access, set the third parameter for addUser().
> db.addUser(guest, guestpassword, true)
You can check for users with access to a particular database like thus:
> db.system.users.find().pretty()
        "_id" : ObjectId("4ee9863d954eb7168e07089d"),
        "user" : "zarah",
        "readOnly" : false,
        "pwd" : "70581bfb1e32e2286df11fe119addc7a"
        "_id" : ObjectId("4ee98658954eb7168e07089e"),
        "user" : "guest",
        "readOnly" : true,
        "pwd" : "88558f1ece63fa0b528012b9840bd9de"

Now stop the MongoDB server and restart it with authentication enabled.
$ ./mongod --auth
> mongo foo -u myuser -p userpassword
where foo is the database that myuser has access to.
You can now read and write into database foo. Notice however that querying for databases would result to an error:
> show dbs
Mon Dec 19 17:21:20 uncaught exception: listDatabases failed:{ "errmsg" : "need to login", "ok" : 0 }

Exit MongoDB and login again, this time using the read-only account. If we try inserting a document, an error should appear:
> db.foo.insert({"title","MongoDB Authentication Test"})
The read-only account can query for collections and use find() and its variations. It can't, however, query for databases.