Install MongoDB on Linux

Abstract

It is very easy to install MongoDB on Linux, as described by the tutorial on the official website (link).
If you follow it blindly however, it will be configured in a very insecure mode, open as administrator to anybody.

In this small article, I will show you how to easily configure your Mongodb server:

  • add a dedicated user and group so that whatever happens to your server your files won’t be compromised,
  • launch the Mongodb server only open to localhost,
  • add Mongodb admin accounts and password,
  • launch the Mongodb server open to the world, but so that it always require a password.

Install MongoDB on its own user account

First, let us create a mongodb user / group and set it a password (you need to be root):

$> sudo adduser mongodb
$> sudo passwd mongodb

Now we can install mongodb on the account of mongodb user.
First we log as the mongodb user.

$> su mongodb
$> cd

Then we download the latest mongodb (example of version 2.6.3, you can get the newest version at http://www.mongodb.org/downloads), extract it ant create a symbolic link “mongodb” that points to the extracted directory (this is useful so that you won’t have to change your paths when you update mongodb later on)

$> wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-2.6.3.tgz
$> tar zxf mongodb-linux-x86_64-2.6.3.tgz
$> ln -s mongodb-linux-x86_64-2.6.3 mongodb

We will put the database inside ./mongodb/data, let’s create the directory first

$> mkdir ~/mongodb/data

Launch the server for the first time and add admin account

It is now possible to launch the mongodb server for the first time; however it will be open to anybody by default. We will first launch it bound to localhost, create some users and re-launch it with authentification activated:

~/mongodb/bin/mongod --bind_ip 127.0.0.1 -dbpath ~/mongodb/data

You may get this error though:

exception in initAndListen std::exception: locale::facet::_S_create_c_locale name not valid, terminating

In this case you have to set your locale environment variable, as suggested in this kink, as follows:

$> export LC_ALL=C

You may want to add this line to your .bashrc as follows:

$> echo "export LC_ALL=C" >> ~/.bashrc

Now launch you server again, and connect locally to it (e.g. in another terminal):

$> ~/mongodb/bin/mongo

Your mission is to create an administrator account (I use the name “the-admin” with the password “my password”, please put your own favourite values):

mongodb $> use admin
mongodb $> db.createUser( { user: "the-admin",  pwd: "my password", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } )

By doing so, we add a user “the-admin” bound to the database “admin” (in mongodb user accounts are managed per account), with the role “userAdminAnyDatabase”.
Please visit this link for the list of built-in roles: official website.

You should get a message saying “Successfully added user” with some other details.

Now you can exit the console and kill the mongodb server:

mongodb $>exit
$> killall mongod

Launch the server with authentification on, and connect to it

Your server has now a user, so you can launch it again, with authentification this time, and open to the world (or whatever scope you want):

$> ~/mongodb/bin/mongod --auth --dbpath ~/mongodb/data

You may now connect as admin from wherever with the command (if ADDRESS is the address or name of your mongodb server):

./mongo ADDRESS/admin -u the-admin -p

Et voilà !

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s