ConnString for community edition with username and password

Hi community,
I installed the mongo-server community edition and mongosh on a linux-vm (ubuntu 20.04) with an IP-4 let’s say 1:2:3:4
No replicas at the moment.

Now I want to read and write data from my local PC with php.

My questions are:

  1. There is the linux mongodb user without any password. Should I set one ?
  2. Handle the user rights on linux or mongosh level ?
  3. ConnString "mongodb://mongodb:my_new_password@1:2:3:4 plus mongod-Port ?
  4. If not Atlas I don’t add “srv” in the ConnString, right ?

More securing: Yes, I know, there is a way to go :slight_smile:
For developing purposes user and password would be enough but how is the ConnString ? :confused:

Best and thanks in advance
Robert

Hi @Robert_Haupt

Depending on how you install MongoDB, by default the mongod process binds only to localhost so it’s not accessible through the network. On top of that, even if you enable auth on the MongoDB server, without any user defined in the server, the localhost exception is active and you can connect to it locally. The exception will be disabled once you create a user on the server.

In this case, the connection string URI should be just mongodb://127.0.0.1:27017 (see Standard Connection String Format).

With regard to your questions:

  1. There is the linux mongodb user without any password. Should I set one ?

I don’t think you should tamper with it. Having a separate user is standard procedure for installation in Linux.

  2. Handle the user rights on linux or mongosh level ?

What do you mean by “user rights” in this context?

  3. ConnString "mongodb://mongodb:my_new_password@1:2:3:4 plus mongod-Port ?

Yes, once you have enabled auth and created a user.

  4. If not Atlas I don’t add “srv” in the ConnString, right ?

Correct. The mongodb+srv protocol uses DNS to supply the actual server addresses, which you don’t need for local deployment.

It’s always good practice to secure your deployment, even locally. Please see Use SCRAM to Authenticate Clients on how to enable this.

Best regards
Kevin
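
The standard (non-SRV) connection string discussed in this thread, as an added example that is not part of either post: it builds the URI with percent-encoded credentials and masks the password for logging. The function names, host, user, password and database are constructed samples, and the user is assumed to have been created in the admin database.

```javascript
// Added example: build a standard (non-SRV) MongoDB connection string.
// All names and values here are constructed samples, not from the thread.

// Percent-encode a credential so characters such as @ : / ? # [ ] $
// cannot be mistaken for URI delimiters.
function encodeCredential(value) {
  return encodeURIComponent(value);
}

function buildMongoUri({ user, password, host, port = 27017, db = "", authSource }) {
  if (!host) throw new Error("host is required");
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error("port must be an integer between 1 and 65535");
  }
  if ((user === undefined) !== (password === undefined)) {
    throw new Error("user and password must be given together");
  }
  // An IPv6 literal has to be wrapped in brackets inside a URI.
  const hostPart = host.includes(":") ? `[${host}]` : host;
  const creds = user !== undefined
    ? `${encodeCredential(user)}:${encodeCredential(password)}@`
    : "";
  // authSource names the database in which the user was created
  // (assumed to be "admin" in the sample call below).
  const query = authSource ? `?authSource=${encodeURIComponent(authSource)}` : "";
  return `mongodb://${creds}${hostPart}:${port}/${encodeURIComponent(db)}${query}`;
}

// Mask the password before a URI is written to a log or error message.
function redactMongoUri(uri) {
  return uri.replace(/^(mongodb(?:\+srv)?:\/\/[^:@\/]+):[^@\/]*@/, "$1:***@");
}

// Constructed sample: a password containing URI delimiter characters.
const sampleUri = buildMongoUri({
  user: "appUser",
  password: "p@ss:w/rd#1",
  host: "192.0.2.10",
  db: "shop",
  authSource: "admin",
});
console.log(redactMongoUri(sampleUri));
```
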