Assignements Of Day 18: MongoDB Authentication and Security

 

Assignements Of Day 18: MongoDB Authentication and Security

---

Assignment 1: Enable MongoDB Authentication

Task:

Enable authentication on a MongoDB instance and create an admin user with full access to all databases.

Solution:

1.  Stop MongoDB Server:

o    On Linux:

bash

sudo systemctl stop mongod

o    On Windows:

bash

net stop MongoDB

2.  Edit MongoDB Configuration File (mongod.conf):

o    Find the mongod.conf file and enable authentication by adding:

yaml

security:

  authorization: "enabled"

3.  Restart MongoDB Server:

o    On Linux:

bash

sudo systemctl start mongod

o    On Windows:

bash

net start MongoDB

4.  Create Admin User:

o    Connect without authentication (--noauth).

bash

mongo --noauth

o    Switch to the admin database and create an admin user.

js

use admin

db.createUser({

  user: "admin",

  pwd: "adminpassword",

  roles: [ { role: "root", db: "admin" } ]

})

---

Assignment 2: Create a Regular User and Test Permissions

Task:

Create a regular user with read-only permissions on a specific database and test their access.

Solution:

1.  Connect as Admin:

o    Use the admin user to connect.

bash

mongo -u admin -p adminpassword --authenticationDatabase admin

2.  Create Read-Only User:

o    Switch to the database testdb and create a read-only user.

js

use testdb

db.createUser({

  user: "readonlyUser",

  pwd: "readonlypassword",

  roles: [ { role: "read", db: "testdb" } ]

})

3.  Test User Permissions:

o    Connect as readonlyUser and test their permissions.

bash

mongo -u readonlyUser -p readonlypassword --authenticationDatabase testdb

o    Test Read and Write operations:

§  Read Operation: db.testCollection.find()

§  Write Operation: db.testCollection.insert({name: "Test"}) should fail.

---

Assignment 3: Create a User with Read-Write Permissions

Task:

Create a user with read-write permissions on a specific database and test their access.

Solution:

1.  Connect as Admin:

bash

mongo -u admin -p adminpassword --authenticationDatabase admin

2.  Create Read-Write User:

o    Switch to testdb and create a user with read-write permissions.

js

use testdb

db.createUser({

  user: "readWriteUser",

  pwd: "readwritepassword",

  roles: [ { role: "readWrite", db: "testdb" } ]

})

3.  Test User Permissions:

o    Connect as readWriteUser and test permissions:

bash

mongo -u readWriteUser -p readwritepassword --authenticationDatabase testdb

o    Test Write and Read operations:

§  Write Operation: db.testCollection.insert({name: "New Item"}) should succeed.

§  Read Operation: db.testCollection.find() should succeed.

---

Assignment 4: Grant a User Multiple Roles

Task:

Create a user and assign multiple roles (e.g., readWrite and dbAdmin) on a database.

Solution:

1.  Connect as Admin:

bash

mongo -u admin -p adminpassword --authenticationDatabase admin

2.  Create User with Multiple Roles:

o    Switch to testdb and create a user with readWrite and dbAdmin roles.

js

use testdb

db.createUser({

  user: "adminUser",

  pwd: "adminpassword",

  roles: [

    { role: "readWrite", db: "testdb" },

    { role: "dbAdmin", db: "testdb" }

  ]

})

3.  Test User Permissions:

o    Test read-write and administrative actions:

bash

mongo -u adminUser -p adminpassword --authenticationDatabase testdb

o    Test actions such as creating indexes or modifying collections.

---

Assignment 5: Create and Test User with root Role

Task:

Create a user with the root role, granting them full access to all databases, and test their access.

Solution:

1.  Connect as Admin:

bash

mongo -u admin -p adminpassword --authenticationDatabase admin

2.  Create User with root Role:

o    Create the user with the root role for full access.

js

use admin

db.createUser({

  user: "rootUser",

  pwd: "rootpassword",

  roles: [ { role: "root", db: "admin" } ]

})

3.  Test User Permissions:

o    Test full access to all databases:

bash

mongo -u rootUser -p rootpassword --authenticationDatabase admin

o    Test admin actions like creating databases and collections.

---

Assignment 6: Test User Roles and Permissions

Task:

Test different users created with different roles (e.g., read, readWrite, dbAdmin) to see how their permissions differ.

Solution:

1.  Create Multiple Users with Different Roles:

o    Create users with read, readWrite, and dbAdmin roles on testdb.

2.  Test Permissions:

o    Connect as each user (readonlyUser, readWriteUser, adminUser) and test their access by attempting read, write, and administrative operations.

---

Assignment 7: Create Users with Custom Roles

Task:

Create a custom role with specific permissions and assign it to a user.

Solution:

1.  Define Custom Role:

o    Create a custom role with specific privileges, such as find and insert on a collection.

js

db.createRole({

  role: "customRole",

  privileges: [

    { resource: { db: "testdb", collection: "testCollection" }, actions: [ "find", "insert" ] }

  ],

  roles: []

})

2.  Create User with Custom Role:

o    Create a user with the customRole.

js

db.createUser({

  user: "customUser",

  pwd: "custompassword",

  roles: [ { role: "customRole", db: "testdb" } ]

})

3.  Test User Permissions:

o    Connect as customUser and test their access.

bash

mongo -u customUser -p custompassword --authenticationDatabase testdb

---

Assignment 8: Revoke and Grant Roles to Users

Task:

Revoke a role from a user and grant a new role.

Solution:

1.  Create User with Initial Role:

o    Create a user with read role.

js

use testdb

db.createUser({

  user: "tempUser",

  pwd: "temppassword",

  roles: [ { role: "read", db: "testdb" } ]

})

2.  Revoke and Grant Roles:

o    Revoke the read role and grant readWrite role.

js

db.revokeRolesFromUser("tempUser", [{ role: "read", db: "testdb" }])

db.grantRolesToUser("tempUser", [{ role: "readWrite", db: "testdb" }])

3.  Test User Permissions:

o    Connect as tempUser and test their new permissions.

---

Assignment 9: Implement Authentication in a MongoDB Cluster

Task:

Set up authentication for a MongoDB cluster with multiple nodes.

Solution:

1.  Enable Authentication on All Nodes:

o    Edit the mongod.conf on all nodes and enable authentication.

yaml

security:

  authorization: "enabled"

2.  Create Admin User on the Primary Node:

o    Connect to the primary node and create an admin user as shown in earlier assignments.

3.  Test Cluster Authentication:

o    Connect to any node in the cluster using the admin credentials.

---

Assignment 10: Backup and Restore MongoDB with Authentication

Task:

Perform a backup and restore operation on a MongoDB database with authentication enabled.

Solution:

1.  Backup the Database:

o    Use the mongodump command with authentication.

bash

mongodump --host <hostname> --port <port> -u admin -p adminpassword --authenticationDatabase admin --db testdb --out /backup

2.  Restore the Database:

o    Use the mongorestore command with authentication.

bash

mongorestore --host <hostname> --port <port> -u admin -p adminpassword --authenticationDatabase admin --db testdb /backup/testdb

---