0

System

Hi I am running mongodb on ubuntu 20.14. Im running mongodb with systemctl

What I've done

I've tried to make it more secure by adding an admin user and enabled authentication. Ive restarted the service multiple times.

config file:

security:
  authorization: enabled

How I created user:

use admin
db.createUser({
    user: "username",
    pwd: "123456",
    roles:["root"]
})

Problem

I am still able to connect through mongodb compass without any auth??? Im able to do everything even tho I enabled the authentication? I am not able to login authenticated using these urls:

mongodb://username:password@localhost:27017/
mongodb://username:password@localhost:27017?authSource=admin

Im sure the config file is loading since authentication works in console and I can see the right config load in the mongod.log

Jan
  • 59
  • 2
  • 12

2 Answers2

1

It would be this one:

mongodb://username:password@localhost:27017?authSource=admin

See also: Authentication failure while trying to save to mongodb

Yes, even without authentication you can connect to Mongo database in any case. However, apart from harmless commands like db.help(), db.version(), db.getMongo(), etc. you cannot execute anything.

You can skip parameter enableLocalhostAuthBypass. The localhost exception applies only when there are no users created in the MongoDB instance.

Wernfried Domscheit
  • 54,457
  • 9
  • 76
  • 110
  • That url doesn't work either. When I connect without authentication Im able to create databases and collections and drop these ect. I also removed `enableLocalhostAuthBypass` and that did nothing. I've updated my question. – Jan Mar 15 '21 at 13:07
1

Solution

I thought the issue was with mongodb compass. So what I did was deleting the application and when I did that I saw that I had mongodb installed on my pc too.

I was never connecting to the mongodb that I have created on my ubuntu server but on my own pc.

Jan
  • 59
  • 2
  • 12