Install, Secure, Backup, Restore and Connect MongoDB database with separate user Role in Ubuntu 16.0

Install, Secure, Backup, Restore and Connect MongoDB database with separate user Role in Ubuntu 16.0

Intro

Today we take a ubuntu 16.04 server. Install MongoDB server there and secure it with users of various role. We use different user to backup, restore and read write operation. Also we will cover, how to connect a authenticate database from a node app using mongoose ODM tool.

Covering Area

  1. Install MongoDB (You can skip this part and follow official doc)

  2. Run MongoDB

  3. Enable Authentication in our database server

  4. Create user

  5. Backup or dump database

  6. Restore backup or dump database

  7. Connect authenticate database from a Node app using Mongoose ODM tool.

    Step 1 can be skipped by the official doc. Step 2 , 3 and 4 are heavily inspired from Digital Ocean Blog. So you can keep an eye on that.

Install MongoDB

1. Import the public key used by the package management system.

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4

2. Create a list file for MongoDB.

echo “deb [ arch=amd64,arm64 ] [https://repo.mongodb.org/apt/ubuntu](https://repo.mongodb.org/apt/ubuntu) xenial/mongodb-org/4.0 multiverse” | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list

3. Reload local package database.

sudo apt-get update

4. Install the MongoDB packages.

sudo apt-get install -y mongodb-org

Now we are done installing MongoDB.

Run MongoDB

1. To start MongoDB, Run Mongo Daemon

sudo systemctl start mongod

2. Your MongoDB database is up and running now. To access the MongoDB shell

mongo

3. Also You can check the status (You must confirm the Active key value is running)

sudo systemctl status mongod

4. To ensure, every time the OS boot, the MongoDB will run automatically

sudo systemctl enable mongod

Now we are done running our MongoDB server.

Enable Authentication

Let’s consider we have a database named ‘my-database’

To create any user first we need to create a super user. The super user can create and assign role to other users to perform operation in database.

Let’s create a super user.

1. Go to mongoDB shell

mongo

2. We need to switch to the admin database to create a super user.

use admin

3. Create a super user, so we can create various user with role in future,

db.createUser(
  {
    user: "my-super-user",
    pwd: "my-super-user-password",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)

Now a super user is created.

4. Leave the mongo shell

exit

Now in your Mongo Daemon configuration file, enable authentication.

5. Enter to the configuration file.

sudo nano /etc/mongod.conf

Now replace “#security” with the following two line. Here we remove comment from security. Then enable the authentication.

security:
  authorization: "enabled"

6. To make this change available, we need to restart Mongo Daemon.

sudo systemctl restart mongod

7. To check the MongoDB runtime status

sudo systemctl status mongod

You should see the active property running.

Creating User

1. This time go to MongoDB shell with username and password

mongo -u my-super-user -p --authenticationDatabase admin

For password, give the previously created super user password “my-super-user-password”

2. Now Switch to admin database

use admin

3. Let’s create a user with read-write capability, so the user can perform read write operation in database and also restore backup database.

db.createUser(
  {
    user: "my-user",
    pwd: "my-user-password",
    roles: [ { role: "readWrite", db: "my-database" } ]
  }
)

4. Also create another user to backup privilege.

db.createUser(
  {
    user: "my-backup-user",
    pwd: "my-backup-user-password",
    roles: [{ role: "backup", db: "admin" }]
  }
)

Now we have two users, one for read-write and database restoring authorized. Another user can only take database backup.

Backup Database

To backup or dump the database, we have to use the user with ‘backup’ role.

mongodump --username my-backup-user --password my-backup-user-password

Restore Database

In order to restore the database, we have to use a database user with read-write privilege. First go to the directory, that contains dump database.

mongorestore --username my-user --password my-user-password

Now your database will be restored.

Connect using Mongoose ODM From Node APP

1. Install mogoose

npm i mongoose

2. In the index.js folder

const mongoose = require('mongoose');
const uri = 'mongodb://localhost:27017/my-database';
const option = {
    "useNewUrlParser": true,
    "auth": { "authSource": "admin" },
    "user": "my-user",
    "pass": "my-user-password"
};
mongoose.connect(uri, option);

3. Run the app

node index.js

Conclusion

So here we are. Our database is secure with role based user. Stay tuned and if there is a confusing term or something, response below. I will replay ASAP.