How to take care of the mongod.conf file?

If I modify the security lines of the mongod.conf file, I can log in without security and see the database, how could I avoid that?

After modifying mongod.conf you have to stop & start mongod (assuming you edited the file while mongod was up)
Please explain what have you tried and what is not working

1 Like

first start the service with authorization enabled then I created a new user, forgot the password and could not enter so I modified mongod.conf and in the authorization line I put disabled, and you can enter without problem, my question if mongodb allows a file of configuration allow access because it does not have some security I mean the mongod.conf file?

Or could I create another file mongod.conf and have as path another database created by another configuration file for example mongod2.conf?

thank you very much for your reply

Definitively.

You should take M103 to know more about this.

1 Like

Thanks for your answer, I will follow your advice

2 Likes

Welcome to the MongoDB Community @ivan_mg !

Access to the MongoDB server configuration file (and other files in your host O/S environment) is determined by your O/S security (firewalls, remote access, user account restrictions, etc). An administrator will full access to the host environment can stop, start, and reconfigure processes.

Users connecting to your MongoDB deployment do not need access to the host environment and cannot reconfigure process-level options like enabling or disabling security for a MongoDB deployment.

For more information on securing your MongoDB deployment, please review the MongoDB Security Checklist.

For information on improving your O/S security, try searching for articles mentioning “securing” or “hardening” with your O/S version, for example: “security hardening Ubuntu 20.04” or “security hardening windows server 2019”.

Regards,
Stennie

1 Like

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.