OPTIONS

Change a User’s Password

Changed in version 2.6.

Overview

Strong passwords help prevent unauthorized access, and all users should have strong passwords. You can use the openssl program to generate unique strings for use in passwords, as in the following command:

openssl rand -base64 48

Prerequisites

You must have the changeAnyPassword action on a database to modify the password of any user on that database.

You must have the changeOwnPassword action on your database to change your own password.

Procedure

1

Connect to MongoDB with the appropriate privileges.

Connect to the mongod or mongos with the privileges required in the Prerequisites section.

The following example operation connects to MongoDB as an authenticated user named manager:

mongo --port 27017 -u manager -p 12345678 --authenticationDatabase admin
2

Verify your privileges.

Use the usersInfo command with the showPrivileges option.

The following example operation checks privileges for a user connected as manager:

db.runCommand(
  {
    usersInfo:"manager",
    showPrivileges:true
  }
)

The resulting users document displays the privileges granted to manager.

3

Change the password.

Pass the user’s username and the new password to the db.changeUserPassword() method.

The following operation changes the reporting user’s password to SOh3TbYhxuLiW8ypJPxmt1oOfL:

db.changeUserPassword("reporting", "SOh3TbYhxuLiW8ypJPxmt1oOfL")