DOCSP-3654: simplify & revise auth guide to create a single root user

Author: schmalliso

source/includes/run-mongodb-on-linux-auth.rst

@@ -1,11 +1,16 @@
-  To restart MongoDB with authentication, run the :binary:`~bin.mongod`
-  process at the system prompt. If necessary, specify the path of the
-  :binary:`~bin.mongod` or the data directory. See the following
-  examples.
+To restart MongoDB with access control, run the :binary:`~bin.mongod`
+process from your terminal with the :option:`--auth <mongod.--auth>`
+option. The :binary:`~bin.mongod` process is located in a ``bin``
+folder in the MongoDB installation directory.
 
-  If you do not use the default data directory (i.e., ``/data/db``),
-  specify the path to the data directory using the --dbpath flag.
+.. code-block:: sh
 
-  .. code-block:: sh
+   mongod --dbpath <path to data directory> --auth
 
-     mongod --dbpath <path to data directory> --auth
+If you used the default data directory for your MongoDB deployment,
+(i.e., ``/data/db``), you can leave off the 
+:option:`--dbpath <mongod.--dbpath>` option.
+
+If your :binary:`~bin.mongod` instance has successfully started, you
+will see logging output in your terminal that includes
+``[initandlisten] waiting for connections``.

source/includes/run-mongodb-on-windows-auth.rst

@@ -1,4 +1,5 @@
-To restart MongoDB, run :binary:`~bin.mongod.exe` with the ``--auth`` setting. 
+To restart MongoDB, run :binary:`~bin.mongod.exe` with the
+:option:`--auth <mongod.--auth>` option. 
 
 .. code-block:: sh
 

source/includes/start-server-auth.rst

@@ -9,6 +9,17 @@
 
      - id: linux
        content: |
+         .. note:: 
+  
+            The following instructions assume that you installed MongoDB
+            from a ``tar.gz`` archive rather than using a package
+            manager. If you used the package manager for your Linux
+            distribution to install MongoDB, edit your
+            :ref:`configuration file <configuration-options>` to include
+            the :setting:`security.authorization` setting before starting
+            your :binary:`~bin.mongod` service as usual. Refer to the
+            :ref:`configuration file <configuration-options>`
+            documentation for more information.
 
          .. include:: /includes/run-mongodb-on-linux-auth.rst
 

source/includes/steps-auth.yaml

@@ -1,19 +1,19 @@
-title: Find the ``mongo`` Shell
+title: Locate the :binary:`~bin.mongo` shell.
 ref: mongo-shell
 level: 4
 stepnum: 1
 content: |
 
-  The ``mongo`` shell is packaged with the MongoDB Server Community and
-  Enterprise distributions, and is also available for users of Atlas as
-  a client-only download.
+  The :binary:`~bin.mongo` shell is packaged with the MongoDB Server
+  Community and Enterprise distributions, and is also available for users
+  of Atlas as a client-only download.
 
   MongoDB binaries are located in a directory that starts with
-  "mongodb-". You should see a file named ``mongo``, which is the shell
-  executable.
+  ``mongodb-``. Within a ``bin`` directory, you should see a file named
+  ``mongo``, which is the shell executable.
 
-  If you do not have ``mongo`` shell installed, follow the install
-  directions for your environment.
+  If you do not have :binary:`~bin.mongo` shell installed, follow the
+  install directions for your environment.
 
   .. include:: /includes/download-shell-tabs.rst
 
@@ -28,18 +28,18 @@ content: |
   .. include:: /includes/mongo-shell-platform-connect-np.rst
 
 ---
-title: Switch to the `admin` Database
+title: Switch to the ``admin`` database.
 ref: administrator
 level: 4
 stepnum: 3
 content: |
 
   .. code-block:: sh
      
-     use admin;
+     use admin
 
 ---
-title: Create the user administrator
+title: Create a :authrole:`root` user with the :method:`db.createUser()` method.
 ref: create_user
 level: 4
 stepnum: 4
@@ -49,43 +49,23 @@ content: |
      
      db.createUser(
        {
-         user: "myUserAdmin",
-         pwd: "abc123",
-         roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
+         user: "superuser",
+         pwd: "changeMeToAStrongPassword",
+         roles: [ "root" ]
        }
      )
 
+  Users with the :authrole:`root` role have full privileges on all
+  resources. You can therefore use your new ``superuser`` user to query
+  your database, add indexes, create additional users, administer your deployment, etc.
 ---
-title: Create a user for reading and writing to your test database 
-ref: create_user_rw
-level: 4
-stepnum: 5 
-content: |
-  
-  It is a good idea to keep your admin user credentials separate from
-  users that will read and write to the databases on a regular basis.
-
-  In this step, create a user that you will use throughout the guides
-  for reading and writing test data.
-
-  .. code-block:: javascript
-
-     db.createUser(
-       {
-         user: "userreadwrite",
-         pwd: "abc123",
-         roles: [ { role: "readWriteAnyDatabase", db: "admin" } ]
-       }
-     )
-
----
-title: Check whether your users have been added 
+title: Verify that you have successfully added your user. 
 ref: check_users
 level: 4
-stepnum: 6
+stepnum: 5
 content: |
 
-  Run ``show users`` to see if your users were created.
+  Run ``show users`` to see if your user was created:
 
   .. code-block:: javascript
 
@@ -96,51 +76,47 @@ content: |
   .. code-block:: sh
 
      {
-       "_id" : "admin.myUserAdmin",
-       "user" : "myUserAdmin",
-       "db" : "admin",
-       "roles" : [
-         {
-           "role" : "userAdminAnyDatabase",
-           "db" : "admin"
-         }
-       ],
-       "mechanisms" : [
-         "SCRAM-SHA-1",
-         "SCRAM-SHA-256"
-       ]
-     }
-     {
-       "_id" : "admin.userreadwrite",
-       "user" : "userreadwrite",
-       "db" : "admin",
-       "roles" : [
-         {
-           "role" : "readWriteAnyDatabase",
-           "db" : "admin"
-         }
-       ],
-       "mechanisms" : [
-         "SCRAM-SHA-1",
-         "SCRAM-SHA-256"
-       ]
-     }
+        "_id" : "admin.superuser",
+        "userId" : UUID("7c2aee5c-6af5-4e25-ae0f-4422c6a8a03c"),
+        "user" : "superuser",
+        "db" : "admin",
+        "roles" : [
+                {
+                  "role" : "root",
+                  "db" : "admin"
+                }
+        ],
+        "mechanisms" : [
+                "SCRAM-SHA-1",
+                "SCRAM-SHA-256"
+        ]
+      }
 
 ---
-title: Exit the ``mongo`` shell
-ref: exit_mongo
+title: Shut down your MongoDB instance.
+ref: shutdown_server
 level: 4
-stepnum: 7
-content: |
-
-  Use ``Ctrl-C`` to exit the ``mongo`` shell.
-
+stepnum: 6
+action:
+  - pre: |
+      From the ``mongo`` shell, shut down your :binary:`~bin.mongod`
+      instance.
+    language: sh
+    code: |
+      db.shutdownServer()
+    post: |
+      You should see a message that resembles 
+      ``server should be down...``.
+  - pre: |
+      Type ``exit`` to exit the ``mongo`` shell.
+    language: sh
+    code: |
+      exit
 ---
-title: Re-start your MongoDB instance with access control enabled
+title: Restart your MongoDB instance with access control.    
 ref: restart_with_auth
 level: 4
-stepnum: 8 
-ref: start-mdb
+stepnum: 7
 content: |
 
   .. include:: /includes/start-server-auth.rst

source/server/auth.txt

@@ -1,12 +1,12 @@
 .. guide::
 
-   title: Enable Authentication on MongoDB
+   title: Secure your MongoDB Deployment
    type: Getting Started
    level: beginner
    author: MongoDB Documentation Team
    product_version: 4.0
    result_description:
-     This guide describes how to enable authentication on your local MongoDB instance.
+     This guide describes how to enforce authentication on your local MongoDB deployment.
    time: 10
    prerequisites:
      - A local installation of MongoDB. See :doc:`/server/install`
@@ -19,7 +19,8 @@
      If you have successfully completed this guide you have
      enabled basic authentication on your local MongoDB instance.
    whats_next:
-     The next guide walks you through connecting to your new MongoDB instance.
+     The next guide walks you through connecting to your new MongoDB
+     instance.
 
      - :doc:`/server/drivers`
    seealso: