Security Issue Analysis
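MongoDB does not enable authentication by default during installation, so until access control is turned on, any client that can connect to the instance can read and modify its data without credentials. This is a serious security risk.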
User Management Operations
Create User
use admin
db.createUser({
  user: "admin",
  pwd: "admin123",  // example value; choose a strong, unique password
  roles: [{ role: "root", db: "admin" }]
})
Modify Password
db.changeUserPassword('admin', 'admin@123')
Authentication Startup Configuration
Configure in mongod.conf:
security:
  authorization: enabled
Role Details
Database-Level Roles
- read: Read data from specified database
- readWrite: Read/write permissions
- dbAdmin: Index management
- userAdmin: User account management
- dbOwner: Full database control
Cross-Database Roles
- readAnyDatabase: Read permissions for all databases
- readWriteAnyDatabase: Read/write permissions for all databases
- userAdminAnyDatabase: Global user management
Cluster Administration Roles
- clusterAdmin: Sharding management, replica set configuration
- root: Superuser permissions
Common Errors
| Error | Fix |
|---|---|
| Authentication failed | Check authSource parameter |
| not authorized on db | Add corresponding database role permissions |
| Cannot connect remotely | Check bindIp configuration |
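
The authorization setting and the bindIp setting from the table above can be checked together before a config file is deployed. The Node.js script below is an added example, not part of the original page or of MongoDB's own tooling; the function names and the sample configs are constructed for illustration, and the parser reads only simple nested key: value lines.

```javascript
// Added example: audits mongod.conf text for security.authorization and net.bindIp.
// parseConf handles only nested "key: value" lines (enough for this check,
// not a general YAML parser).
function parseConf(text) {
  const root = {};
  const stack = [{ indent: -1, node: root }];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/(^|\s)#.*$/, ""); // drop comments
    const m = /^(\s*)([^:\s]+)\s*:\s*(.*)$/.exec(line);
    if (!m) continue;
    const indent = m[1].length;
    while (stack[stack.length - 1].indent >= indent) stack.pop();
    const parent = stack[stack.length - 1].node;
    const value = m[3].trim().replace(/^["']|["']$/g, "");
    if (value === "") {
      parent[m[2]] = {}; // section header such as "security:"
      stack.push({ indent, node: parent[m[2]] });
    } else {
      parent[m[2]] = value;
    }
  }
  return root;
}

function auditMongodConf(text) {
  const conf = parseConf(text);
  const sec = typeof conf.security === "object" ? conf.security : {};
  const net = typeof conf.net === "object" ? conf.net : {};
  const authEnabled = sec.authorization === "enabled";
  // Without bindIp, mongod 3.6 and later listens on localhost only.
  const binds = (net.bindIp || "127.0.0.1").split(",").map((s) => s.trim());
  const local = (b) => ["127.0.0.1", "localhost", "::1"].includes(b) || b.startsWith("/");
  const remote = net.bindIpAll === "true" || !binds.every(local);
  const findings = [];
  if (!authEnabled) findings.push("security.authorization is not enabled");
  if (!authEnabled && remote) findings.push("unauthenticated and reachable from other hosts");
  return { authEnabled, remote, findings };
}

// Constructed sample configs, not taken from a real deployment.
const EXPOSED = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n";
const HARDENED = "net:\n  bindIp: 127.0.0.1,10.0.0.5\nsecurity:\n  authorization: enabled\n";
// Same keys with the indentation lost: authorization is no longer under security.
const FLATTENED = "security:\nauthorization: enabled\n";

for (const [name, text] of Object.entries({ EXPOSED, HARDENED, FLATTENED })) {
  console.log(name, JSON.stringify(auditMongodConf(text)));
}
```

The FLATTENED case shows why the indentation in mongod.conf matters: with `authorization` at the top level, the check reports access control as not enabled.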