By default, a MongoDB instance runs without authentication enabled. Here is the short way to turn it on.
Create an admin account

    devusr@testsystem:~# mongo
    MongoDB shell version v3.6.5
    connecting to: mongodb://127.0.0.1:27017
    MongoDB server version: 3.6.5
    > use admin
    switched to db admin
    > db.createUser({user: "admin", pwd: "geheimes_passwort", roles: [{ role: "root", db: "admin" }]})
    Successfully added user: { "user" : "admin", "roles" : [ { "role" : "root", "db" : "admin" } ] }
    > quit()

Enable authentication in mongod.conf (Ubuntu: /etc/mongod.conf)

    ...
    # network interfaces
    net:
      port: 27017
      bindIp: 127.0.0.1

    security:
      authorization: enabled
    ...

Restart mongod

    service mongod restart

First test: create a user for the test DB

    > use test
    switched to db test
    > db.createUser({user: "devuser", pwd: "secure_pwd", roles: [{ role: "readWrite", db: "test" }]})
    2018-06-18T08:05:53.448+0200 E QUERY [thread1] Error: couldn't add user: not authorized on test to execute command { createUser: "devuser", pwd: "xxx", roles: [ { role: "readWrite", db: "test" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 600000.0 }, $db: "test" } :
    _getErrorWithCode@src/mongo/shell/utils.js:25:13
    DB.prototype.createUser@src/mongo/shell/db.js:1437:15
    @(shell):1:1
    >

Looks good: without authenticating, it no longer works 😉
Log in and create the user for the test DB

    > use admin
    > db.auth("admin","geheimes_passwort")
    1
    > use test
    > db.createUser({user: "devuser", pwd: "secure_pwd", roles: [{ role: "readWrite", db: "test" }]})
    Successfully added user: { "user" : "devuser", "roles" : [ { "role" : "readWrite", "db" : "test" } ] }
    >

Authentication with pymongo in Python code

    >>> from pymongo import MongoClient
    >>> uri = "mongodb://devuser:secure_pwd@localhost/test?authSource=test"
    >>> client = MongoClient(uri)
    >>> db = client.test
    >>> collection = db.foo
    >>> collection.insert_one({"foo":"bar"})
    <pymongo.results.InsertOneResult object at 0x7fa764f2a998>
    >>> collection.find_one()
    {u'_id': ObjectId('5b274db939d9c0683b47c0e2'), u'foo': u'bar'}
    >>>

Sources / further information:
Enable Authentication – https://docs.mongodb.com/manual/tutorial/enable-authentication/
Built-In Roles – https://docs.mongodb.com/manual/core/security-built-in-roles/
pymongo authentication – http://api.mongodb.com/python/current/examples/authentication.html