4

I have set up a docker with MongoDB Image. By default it has no password set up. I made a user and assigned it roles, which works perfectly well. But the issue is that the connection is still possible without authentication.

  1. Connect with Authentication > Right Username, Right Password -> CONNECTED

  2. Connect with Authentication > Right Username, Wrong Password -> CONNECTION FAILED

  3. Connection without Authentication > CONNECTED

I want the 3rd point to stop working.

2 Answers 2

7

Steps:-

1) Run a docker instance without authentication

    $ docker run --name container-name -d -p 27017:27017 -v ~/mongodb:/data/db mongo

2) Create a main administrator user with admin roles

    $ mongo --port 27017
    > use admin
    > db.createUser({user: "adminUserName", pwd: "adminPassword", roles: [{ role: "userAdminAnyDatabase", db: "admin" }]})

This will create a user in the admin database with roles "userAdminAnyDatabase". This is like a superuser.

3) Create User for a particular database

    > use <database-name>
    > db.createUser({user: "dev-read-username", pwd: "dev-read-password", roles: ["read"]})
    // User with "read" role

    > db.createUser({user: "dev-write-username", pwd: "dev-write-password", roles: ["readWrite"]})
    // User with "readWrite" role

For a list of available roles or how to create custom roles, please check https://docs.mongodb.com/manual/reference/built-in-roles/

4) Remove the docker container

    $ docker ps -a
    $ docker stop container_id
    $ docker rm container_id

5) Run the docker instance with authentication enabled

    $ docker run --name container-name -d -p 27017:27017 -v ~/mongodb:/data/db mongo --auth

I assume you might not have started the docker container with --auth enabled. Once you start with --auth enabled, then you will not be able to connect without credentials.
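A check to run after step 5, added here as an example and not part of the original answer: with `--auth` a client can still open a connection without credentials, so the script tests whether an unauthenticated `listDatabases` command is refused. The function names and the two sample outputs are constructed for illustration; the host and port defaults follow the `-p 27017:27017` mapping used above.

```shell
#!/bin/sh
# Added example: verify that --auth is actually enforced on a mongod.
# A bare connect succeeds either way; the real test is whether a command
# that needs privileges is refused when no credentials are supplied.

# classify_probe OUTPUT -> prints: enforced | open | unknown
# OUTPUT is what the shell printed for an unauthenticated listDatabases.
classify_probe() {
    case "$1" in
        *"requires authentication"*|*Unauthorized*)
            echo enforced ;;   # server refused the command
        *'"databases"'*)
            echo open ;;       # database list returned without credentials
        *)
            echo unknown ;;    # connection refused, timeout, no shell, ...
    esac
}

# probe_unauthenticated [HOST] [PORT] -> prints the raw shell output.
# Uses mongosh if installed, otherwise the legacy mongo shell.
probe_unauthenticated() {
    host=${1:-127.0.0.1}; port=${2:-27017}
    if command -v mongosh >/dev/null 2>&1; then shell=mongosh
    elif command -v mongo >/dev/null 2>&1; then shell=mongo
    else echo "no mongo shell installed"; return 0; fi
    "$shell" --host "$host" --port "$port" --quiet \
        --eval 'print(JSON.stringify(db.adminCommand({listDatabases: 1})))' \
        2>&1 || true
}

# check_auth [HOST] [PORT] -> exit status 0 only when auth is enforced.
check_auth() {
    verdict=$(classify_probe "$(probe_unauthenticated "$@")")
    echo "unauthenticated listDatabases: $verdict"
    [ "$verdict" = enforced ]
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_ENFORCED='MongoServerError: command listDatabases requires authentication'
SAMPLE_OPEN='{"databases":[{"name":"admin","sizeOnDisk":40960}],"ok":1}'

# Run against a live instance only when asked: sh check.sh --run [HOST] [PORT]
if [ "${1:-}" = "--run" ]; then
    shift
    check_auth "$@"
fi
```

An `open` verdict means the server answered a privileged command without credentials; `unknown` means the probe could not reach a verdict and should be repeated from a host that can reach the port.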


2 Comments

I had it deployed with --auth enabled
@AqibBangash Strange that it did not work with --auth enabled. I have edited my answer with detailed steps. Can you cross-verify once and see if you missed anything, just in case?

1

  1. Run with auth option to add authorizations:

         docker run --name some-mongo -d mongo --auth

  2. You should create an admin user. You can check if an admin user exists using:

         db.getSiblingDB('admin').system.users.find()

     or create one like:

         db.createUser({ user: 'jsmith', pwd: 'some-initial-password', roles: [{ role: "userAdminAnyDatabase", db: "admin" }] });

Source : https://hub.docker.com/r/library/mongo/

4 Comments

@AkshayMehta was faster than me :)
I had it deployed with --auth enabled, plus I had made an admin user. Still it was accessible without auth.
Official docker container?
Yes. Maybe I was wrong somewhere. But I got to know it the harder way. DB got compromised and hacker demanded ransom in BTCs.
