-
Type:
Question
-
Resolution: Done
-
Priority:
Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
-
Environment:OS: ubuntu 22.04
Using MongoDB: 7.0.3
Using Mongosh: 2.1.0
Problem Statement/Rationale
I have enabled authentication and still can connect without username and password to MongoDB
Please be sure to attach relevant logs with any sensitive data redacted.
{{
{ "t": \{ "$date": "2023-11-26T10:39:15.483+00:00" },
"s": "I",
"c": "CONTROL",
"id": 21951,
"ctx": "initandlisten",
"msg": "Options set by command line",
"attr": {
"options": {
"config": "/etc/mongod.conf",
"net": {
"bindIp": "*",
"ipv6": false,
"port": 27017,
"tls":
},
"processManagement": {
"fork": false,
"pidFilePath": "/var/lib/mongodb/mongodb.pid"
},
"security": { "authorization": "enabled" },
"setParameter": { "enableLocalhostAuthBypass": "false" },
"storage": { "dbPath": "/var/lib/mongodb", "directoryPerDB": false },
"systemLog": {
"destination": "file",
"logAppend": true,
"logRotate": "reopen",
"path": "/var/log/mongodb/mongod.log",
"quiet": false,
"verbosity": 0
}
}
}
}}}
Steps to Reproduce
Configure mongod service to use authorization using the following config, then restart mongod service.
{{# set parameter options
setParameter:
enableLocalhostAuthBypass: false
# security options
security:
authorization: enabled
#keyFile: replace_me}}
{{}}
Expected Results
I expect to impossible to connect without username and password
Actual Results
I observe, it is possible to connect without username and password, by simply execute the $mongosh command.
Additional Notes
Any additional information that may be useful to include.