1

I have a database called flowers in which I have the collection named flower. When I first created it in MongoDB, I had no authentication set to it (I would just connect to it using the default port:27017 and localhost).

Then I wanted to restrict the access to this database, in order to be accessed only with a set of username & password. First, I created an admin in the admin database:

> use admin
switched to db admin
> db.createUser(
...   {
...     user: "myUserAdmin",
...     pwd: "abc123",
...     roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
...   }
... )
Successfully added user: {
        "user" : "myUserAdmin",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                }
        ]
}
> show users
{
        "_id" : "admin.myUserAdmin",
        "user" : "myUserAdmin",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                }
        ],
        "mechanisms" : [
                "SCRAM-SHA-1",
                "SCRAM-SHA-256"
        ]
}

Then I exited mongo, I restarted the service. Then I created a user for my database:

> use flowers
switched to db flowers
> db.createUser(
...   {
...     user: "adminfl",
...     pwd: "flower1",
...     roles: [ "dbOwner", "readWrite"]
...   }
... )
Successfully added user: { "user" : "adminfl", "roles" : [ "dbOwner", "readWrite" ] }

After this I exited mongo once again, restarted the service.... from Compass I tried to connect to database flowers using the username and password and specify the authentication database: flowers. Everything went well to this point.

My problem is: when I connect to mongo using the authentication I can see all the databases, and when I connect without authentication, I have the same result.

How can I make my database flowers visible only when I connect with a username & password?

Update: This is my mongod.cfg:

# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# Where and how to store data.
storage:
  dbPath: C:\Program Files\MongoDB\Server\4.0\data
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path:  C:\Program Files\MongoDB\Server\4.0\log\mongod.log

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1


#processManagement:

#security:

#operationProfiling:


#replication:

#sharding:

## Enterprise-Only Options:

#auditLog:

#snmp:
user3063909
  • 363
  • 3
  • 16
  • As @Himanshu has said - you're probably not starting with auth enabled. You can also do this via the command line with --auth. Which version of Mongo are you using? To restrict a user to only list databases he can read from is an improvement made in Mongo 4.0. – Robert Seaman Mar 15 '19 at 11:02
  • @RobertSeaman I'm using version 4.0.6... – user3063909 Mar 15 '19 at 11:10

2 Answers2

2

Try adding below line if not added in your mongod.conf =>

security:
  authorization: enabled

Then restart mongodb and you are good to go.

Himanshu
  • 835
  • 1
  • 13
  • 22
  • I've tried this also, but then it gives me the following error: ``Error 1053: The service did not respond to the start or control request in a timely fashion.`` and then I cannot start the service again... – user3063909 Mar 15 '19 at 11:05
  • I suppose you are using Windows.This link might help => https://stackoverflow.com/questions/4661670/cannot-start-mongodb-as-a-service – Himanshu Mar 15 '19 at 11:10
  • Have you checked this link => https://stackoverflow.com/questions/4661670/cannot-start-mongodb-as-a-service Have you installed Mongod as a service or are you using command line??. Share your mongod.conf. – Himanshu Mar 15 '19 at 11:43
  • I've added the mongod.cfg to my post – user3063909 Mar 15 '19 at 11:57
  • I've reinstalled everything... made the data, log and conf directory look like in your answer. But when I try to add ``authorization: enabled`` in the config file... it gives the same error as above... – user3063909 Mar 18 '19 at 11:45
  • Did you checked the mongodb logs for errors?? Please share logs. Did you reinstalled the service as well. – Himanshu Mar 19 '19 at 07:11
  • Solved the error. It was quite dumb :)))) I was adding ``authorization :enabled`` in the cfg file, but I forgot to remove the # symbol in front of ``security`` :))))) – user3063909 Mar 22 '19 at 07:59
1

Ok looking at your mongo conf we can see there is space in your db and log path viz "Program Files" which can create issue. Workaround is: 1) Make data, log and conf directory like C:\data\db, C:\data\log and C:\data\mongod.conf. 2) Make path changes in mongod.conf for dbpath and logpath. 3) Add security authorization: enabled in mongod.conf as suggested. 4) Remove mongod service if already installed and install service again. 5) Restart service. Hope this helps.

Himanshu
  • 835
  • 1
  • 13
  • 22