How to disable access to mongo shell to anonymous users?


I have created users in MongoDB. One user among them is admin. But when I do
it is allowing me to connect to the mongo shell without me specifying a user and password. What should I do to prevent access to the mongo shell for all without user login? Please help.

How to solve:


Method 1

There is no access control enabled with MongoDB by default, so this is something you’ll need to configure separately. Fortunately, it’s not too difficult thanks to the well-written MongoDB Manual.

Here is the gist:

  1. Start MongoDB without access control (which I believe you’ve already done)
  2. Connect to the instance (which you’ve stated you’ve already done)
  3. Create an administrator account:
    use admin
    db.createUser({
        user: "adminny",
        pwd: "superSecretPassword!123",
        roles: [ { role: "dbOwner", db: "admin" } ]
    })
  4. Re-start the MongoDB instance with access control.
    mongod --auth --port 27017 --dbpath /data/db1

    Note the --auth option in the startup.

  5. Authenticate as the admin account:
    mongo --port 27017 -u "adminny" -p "superSecretPassword!123" --authenticationDatabase "admin"

Important Note About Roles

There are several roles that are available, and choosing the wrong one can result in unnecessary frustration.

| Role | Detail |
|---|---|
| root | This would be a root-level role, allowing the creation of user accounts, databases, and all administration-level actions one might need to do. |
| dbAdmin | Provides the ability to perform administrative tasks such as schema-related tasks, indexing, and gathering statistics. This role does not grant privileges for user and role management. |
| dbOwner | The database owner can perform any administrative action on the database. This role combines the privileges granted by the readWrite, dbAdmin and userAdmin roles. |
| userAdmin | Provides the ability to create and modify roles and users on the current database. Since the userAdmin role allows users to grant any privilege to any user, including themselves, the role also indirectly provides superuser access to either the database or, if scoped to the admin database, the cluster. |
| userAdminAnyDatabase | Provides the same access to user administration operations as userAdmin on all databases except local and config. |
| readWrite | Provides all the privileges of the read role plus ability to modify data on all non-system collections and the system.js collection. |

You can read more about each of the Built-In Roles in the MongoDB Manual, which is very approachable.
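
The role descriptions above imply that some accounts can grant themselves any privilege. The following audit function is an added example, not part of the original answer: it classifies each account's effective reach from its built-in roles. It assumes user documents shaped like `{ user, db, roles: [{ role, db }] }`, as in `usersInfo` output; every sample account except `adminny` is constructed.

```javascript
// Added example, not from the original answer. Classifies how far each account
// can reach based on the built-in roles described in the table above.
// Assumed input: user documents shaped like { user, db, roles: [{ role, db }] }.

// Roles that include user management on their database (per the role table).
const GRANTS_USER_MGMT = new Set(["userAdmin", "dbOwner"]);
const RANK = { none: 0, database: 1, cluster: 2 };

function roleReach(role, db) {
  if (role === "root" || role === "userAdminAnyDatabase") return "cluster";
  if (GRANTS_USER_MGMT.has(role)) {
    // A holder can grant itself any privilege: cluster-wide when the role is
    // scoped to admin, otherwise superuser on that single database.
    return db === "admin" ? "cluster" : "database";
  }
  return "none"; // e.g. dbAdmin, readWrite: no user or role management
}

function auditUsers(users) {
  return users.map((u) => {
    let reach = "none";
    const via = []; // roles responsible for the elevated reach
    for (const { role, db } of u.roles || []) {
      const r = roleReach(role, db);
      if (r !== "none") via.push(`${role}@${db}`);
      if (RANK[r] > RANK[reach]) reach = r;
    }
    return { user: `${u.db}.${u.user}`, reach, via };
  });
}

// Constructed sample data; only "adminny" comes from the answer above.
const sampleUsers = [
  { user: "adminny", db: "admin", roles: [{ role: "dbOwner", db: "admin" }] },
  { user: "shopOwner", db: "shop", roles: [{ role: "dbOwner", db: "shop" }] },
  { user: "indexer", db: "shop",
    roles: [{ role: "dbAdmin", db: "shop" }, { role: "readWrite", db: "shop" }] },
  { user: "auditor", db: "admin",
    roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
];

for (const row of auditUsers(sampleUsers)) {
  console.log(`${row.user.padEnd(16)} ${row.reach.padEnd(9)} ${row.via.join(", ")}`);
}
```

Accounts reported with `cluster` reach deserve the same protection as `root`, whatever their role is called.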

Method 2

Apart from the answer from @matigo, it should be noted that you can always connect to MongoDB even without credentials.

However, without valid credentials you are just connected, i.e. you cannot execute any command apart from nonhazardous commands like db.listCommands(), db.version(), db.getMongo(), etc.


All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0
