If you have just installed MongoDB, your database is currently open and unprotected. Of critical importance, the next step is to create an admin user in MongoDB, in order to secure your data. Anyone who gains access to the server can leverage your application’s information, which is the main risk of an unsecured database. Consider this similar to a new house without locks on the doors.
Before we proceed, this tutorial assumes you have already installed MongoDB on your Ubuntu system. If you haven’t completed that step, please follow our detailed guide on How to Install and Configure MongoDB on Ubuntu. Once MongoDB is installed and the service is active, you are ready to secure it.
Creating Your MongoDB Admin User
The process involves connecting to the database, creating the user, and then turning on the security feature. First, open your server’s terminal and connect to the MongoDB instance. You can connect directly without credentials because authentication is not enabled yet.
mongoshYou will see a command prompt starting with >, indicating you are inside the shell.
Switch to the admin Database
User information is stored in a special database called admin. You must switch to this database to create a user with administrative privileges.
use adminCreate the Administrator User
Now, run the createUser command to add your new admin. We will use passwordPrompt() to securely enter the password without it showing on the screen.
db.createUser({
user: "myAdminUser",
pwd: passwordPrompt(),
roles: [
{ role: "userAdminAnyDatabase", db: "admin" },
{ role: "readWriteAnyDatabase", db: "admin" }
]
})This command creates the new user by defining three key details. The user is simply the username for logging in. The pwd (password) securely sets the secret code needed to access the account. The roles section is the most important part, as it determines the user’s permissions. The roles we’ve assigned here are very powerful: one allows this user to manage all other user accounts, and the other gives them full permission to read and change data anywhere in the database.
Enable Authentication in the Configuration File
Now that you have an admin user, you need to tell MongoDB to start requiring a username and password for access. First, exit the MongoDB shell by typing exit and pressing Enter. Then, open the MongoDB configuration file with a text editor like nano, vim or gedit.
sudo nano /etc/mongod.confScroll down in the file and find the #security: section. Uncomment it (remove the #) and add a line to enable authorization. It should look like this:
security:
authorization: "enabled"Save the file and exit the editor in nano, press Ctrl+X, then Y, then Enter.
Restart MongoDB to Apply Changes
MongoDB service needs to be restarted to apply these changes. Enter below command to restart MongoDB service.
sudo systemctl restart mongodVerify Your Secure Setup
Finally, It’s time to verify our admin user with authentication setup. Let’s test it with connecting with MongoDB using our newly created admin user.
mongosh -u myAdminUser -p --authenticationDatabase adminThe command will prompt you for password. If you connect successfully, your MongoDB security setup is complete and enabled authentication.
Conclusion
You have completed the most important step in securing your database. By following this guide, you now know created an admin user in MongoDB and enforce authentication. Your data is no longer open to unauthorized access, and you have a solid foundation on which to securely build your applications. You can go forth and create more specialized user roles for your various applications.