How to use --auth?

What’s the difference between running:
sudo mongod --config mongod.conf
sudo mongod --config mongod.conf --auth
I cannot understand what kind of authorization --auth provides, I didn’t point any additional information about admin user or anything else, though 2nd option works unlike 1st one.
P.S. I’ve just completed the lab - Creating First Application User

Hey @dedifferentiator

Both commands will start the mongod process and allow you to initially connect. However, the second one will restrict connections to authorized users once the localhost exception has passed.

From the docs:

Localhost Exception

The localhost exception allows you to enable access control and then create the first user in the system. With the localhost exception, after you enable access control, connect to the localhost interface and create the first user in the admin database. The first user must have privileges to create other users, such as a user with the userAdmin or userAdminAnyDatabase role.

--auth

Enables authorization to control user’s access to database resources and operations. When authorization is enabled, MongoDB requires all clients to authenticate themselves first in order to determine the access for the client.

Configure users via the mongo shell. If no users exist, the localhost interface will continue to have access to the database until you create the first user.
See Security for more information.

1 Like

A-ha, so if I passed localhost exception I always have to run mongod command with --auth option, just to mark that credentials for authorization required?

Almost got it. So the mongod is the overall process (which runs on a server) which you only launch once (per instance; more for replica sets; advanced).

mongod is the primary daemon process for the MongoDB system. It handles data requests, manages data access, and performs background management operations.

Then you connect to the process through the mongo shell or one of the many drivers. Once you pass the localhost exception, each time you attempt to connect to the mongod you will have to provide authentication info, i.e. username and password.

Okay, so there is the mongod daemon, which sets up the server with all necessary configurations, and the mongo shell is just one option among many clients’ drivers through which I can connect to the database? If that’s right, I think I got it :slight_smile:

Just one more question: is it okay to run mongod with sudo?

@dedifferentiator

You got it :+1:

To the best of my knowledge it is fine to run as sudo. Some guides even have it set up that way.
See Below

1 Like

As a paranoid sysadmin, in a production environment, I would create a mongodb user and run all mongodb server processes as this user.

3 Likes
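
As an added example (not part of the thread and not MongoDB's own code), the shell functions below audit a mongod launch for the two points discussed above: whether access control is on, through `--auth` or its config-file equivalent `security.authorization: enabled`, and whether the server runs as root. The function names, the `mongodb` account name used in the demo and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit how mongod is launched. Function names are hypothetical.

# Return 0 if the YAML config file $1 sets security.authorization: enabled.
conf_auth_enabled() {
    awk '
        # A top-level key starts or ends the "security:" section.
        /^[^ \t#]/ { in_sec = ($0 ~ /^security:[ \t]*(#.*)?$/); next }
        in_sec && /^[ \t]+authorization:[ \t]*"?enabled"?[ \t]*(#.*)?$/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Return 0 if --auth is among the mongod command-line arguments.
flag_auth_enabled() {
    for arg in "$@"; do
        case $arg in --auth) return 0 ;; esac
    done
    return 1
}

# audit_mongod <run-as-user> <config-file> [mongod args...]
# Prints one finding per line; the return status is the number of findings.
audit_mongod() {
    user=$1; conf=$2; shift 2
    findings=0
    if ! conf_auth_enabled "$conf" && ! flag_auth_enabled "$@"; then
        echo "FINDING: access control is off (no --auth, no security.authorization: enabled)"
        findings=$((findings + 1))
    fi
    if [ "$user" = "root" ]; then
        echo "FINDING: mongod runs as root; use a dedicated unprivileged account"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo on a constructed config that has no security section.
demo() {
    conf=$(mktemp)
    printf 'storage:\n  dbPath: /var/lib/mongodb\nnet:\n  bindIp: 127.0.0.1\n' > "$conf"
    audit_mongod root "$conf" --config "$conf" || true      # first command in the question
    audit_mongod mongodb "$conf" --config "$conf" --auth && echo "OK: auth on, unprivileged user"
    rm -f "$conf"
}
demo
```

A clean result only shows that authentication is required once users exist; the localhost exception quoted above stays open until the first admin user has been created.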