MongoDB 3.0 made its privilege system much more granular, so this post works through configuring the new permissions and testing them.
In older versions, creating and managing users was relatively simple: to get a user with administrator privileges, you only had to create that user under admin.
In 3.0 that no longer works.
So let's try the new built-in roles in 3.0: configure them first, then test.
> use admin
switched to db admin
The command show roles lists every built-in role. (The output is long, so it is not shown here; run it yourself.)
Here a user is created on admin with three roles: administration of all databases, user management on all databases, and read/write on all databases.
> db.createUser({"user":"lwl","pwd":"123456","roles":["userAdminAnyDatabase","dbAdminAnyDatabase","readWriteAnyDatabase"]})
Successfully added user: {
"user" : "lwl",
"roles" : [
"userAdminAnyDatabase",
"dbAdminAnyDatabase",
"readWriteAnyDatabase"
]
}
Now look at the user document that was written.
> db.system.users.findOne()
{
"_id" : "admin.lwl",
"user" : "lwl",
"db" : "admin",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "BqS7rXSb5m8EjToOH1MV8g==",
"storedKey" : "jDbR83pTp8USD3xvsZUdT1ngfco=",
"serverKey" : "U3LnlS1RMRssLMbRso2Aa9Xg46A="
}
},
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "dbAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "readWriteAnyDatabase",
"db" : "admin"
}
]
}
OK, no problems. Next, check whether this user is visible from another database.
> show dbs
admin 0.078GB
local 0.078GB
storm 0.078GB
> use storm
switched to db storm
> db.system.user.findOne()
null
Right, the other databases have nothing. (Note that the command above mistypes the collection name as system.user; system.users would also return null, because in 3.0 every user document, whichever database it belongs to, is stored in admin.system.users, as the storm_r user created later in this post shows.) Next, restart mongod with authentication enabled (mongod --auth, or security.authorization: enabled in the config file; the restart itself is not shown here) and see what happens.
[root@hadoop mongodb]# ./bin/mongo
MongoDB shell version: 3.0.3
connecting to: test
> show dbs
2015-08-26T08:32:19.757+0800 E QUERY Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
"code" : 13
}
at Error (<anonymous>)
at Mongo.getDBs (src/mongo/shell/mongo.js:47:15)
at shellHelper.show (src/mongo/shell/utils.js:630:33)
at shellHelper (src/mongo/shell/utils.js:524:36)
at (shellhelp2):1:1 at src/mongo/shell/mongo.js:47
As you can see, nothing can be done until a user has authenticated.
> use storm
switched to db storm
> db.auth("lwl","123456")
Error: 18 Authentication failed.
0
I first tried to authenticate in the storm database, and it failed, roughly as expected: db.auth() must be run against the database the user was created in (the "db" field in system.users, here admin), not against the database you want to work in. So let's go to admin.
> use admin
switched to db admin
> db.auth("lwl","123456")
1
> show collections
system.indexes
system.users
system.version
Good, authentication succeeded and the collections can be listed. Let's try some further operations.
> db.system.users.find()
{ "_id" : "admin.lwl", "user" : "lwl", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "BqS7rXSb5m8EjToOH1MV8g==", "storedKey" : "jDbR83pTp8USD3xvsZUdT1ngfco=", "serverKey" : "U3LnlS1RMRssLMbRso2Aa9Xg46A=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "dbAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ] }
> db.test.insert({"name":"lwl"})
WriteResult({ "nInserted" : 1 })
> db.test.find()
{ "_id" : ObjectId("55dd0aa2631947e3a47874fc"), "name" : "lwl" }
OK, reads and writes both work. Now check whether other databases can be operated on as well, since the roles granted span all databases.
> use storm
switched to db storm
> show collections
system.indexes
word
> db.word.find()
{ "_id" : ObjectId("557eb5be12339719a5bb7c5e"), "text" : "My Name Is LWL", "isReader" : false }
> db.word.insert({"test":"haha"})
WriteResult({ "nInserted" : 1 })
No problems. Next, try managing users in this database.
> db.createUser({"user":"storm_r","pwd":"123456","roles":["read"]})
Successfully added user: { "user" : "storm_r", "roles" : [ "read" ] }
> show collections
system.indexes
word
User management works, but no system.users collection appears here; it is probably still in admin. Let's go and look.
> use admin
switched to db admin
> db.system.users.find()
{ "_id" : "admin.lwl", "user" : "lwl", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "BqS7rXSb5m8EjToOH1MV8g==", "storedKey" : "jDbR83pTp8USD3xvsZUdT1ngfco=", "serverKey" : "U3LnlS1RMRssLMbRso2Aa9Xg46A=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "dbAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ] }
{ "_id" : "storm.storm_r", "user" : "storm_r", "db" : "storm", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "S+v0xePkoHo3ADwgxrTf5A==", "storedKey" : "zwSlyIOMjaVUChIv9nPNhn7HWak=", "serverKey" : "teM4iyEu3IjPq/SmCB4SAoUfMzQ=" } }, "roles" : [ { "role" : "read", "db" : "storm" } ] }
Good, there is the user. Now test whether it takes effect.
> exit
bye
[root@hadoop mongodb]# ./bin/mongo
MongoDB shell version: 3.0.3
connecting to: test
> use storm
switched to db storm
> db.auth("storm_r","123456")
1
> show collections
system.indexes
word
> db.word.find()
{ "_id" : ObjectId("557eb5be12339719a5bb7c5e"), "text" : "My Name Is LWL", "isReader" : false }
{ "_id" : ObjectId("55dd0b51631947e3a47874fd"), "test" : "haha" }
> db.word.insert({"test":"write"})
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on storm to execute command { insert: \"word\", documents: [ { _id: ObjectId('55dd0e3f7f4b634eafacb5e3'), test: \"write\" } ], ordered: true }"
}
})
OK, no problems. The built-in roles in 3.0 turn out to be quite convenient, and more powerful than before. The two accounts also show the least-privilege split in practice: storm_r, with read on storm only, is the kind of account an application that only queries word should use, while lwl's three AnyDatabase roles are for administration and should not be handed to applications.
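The two sessions above show the two rules that decide what a 3.0 account can do: a user authenticates only against the database recorded in its "db" field, and its roles then apply either to one named database (read on storm) or, for the *AnyDatabase roles, to every database except local and config. The following Python is an added example, not code from this post or from MongoDB: a small offline audit over the two admin.system.users documents printed above that answers "which user may run which action on which database". It encodes only a subset of the actions of the built-in roles used on this page (the action names are real MongoDB privilege actions, but the lists are deliberately incomplete), and the function names are made up for the illustration.

```python
from typing import Dict, List, Optional, Set

# Constructed copy of the two documents printed from admin.system.users above,
# credentials omitted (this block is about authorization, not password checks).
SYSTEM_USERS: List[dict] = [
    {"_id": "admin.lwl", "user": "lwl", "db": "admin",
     "roles": [{"role": "userAdminAnyDatabase", "db": "admin"},
               {"role": "dbAdminAnyDatabase", "db": "admin"},
               {"role": "readWriteAnyDatabase", "db": "admin"}]},
    {"_id": "storm.storm_r", "user": "storm_r", "db": "storm",
     "roles": [{"role": "read", "db": "storm"}]},
]

# Subset of the actions each built-in role grants on a database (simplified model
# of the MongoDB 3.0 built-in roles used on this page, not the full privilege list).
ROLE_ACTIONS: Dict[str, Set[str]] = {
    "read": {"find", "listCollections", "listIndexes"},
    "readWrite": {"find", "listCollections", "listIndexes",
                  "insert", "update", "remove", "createCollection", "createIndex"},
    "userAdmin": {"createUser", "dropUser", "grantRole", "revokeRole", "viewUser"},
    "dbAdmin": {"collStats", "dbStats", "validate", "compact"},
}

# The *AnyDatabase roles grant the base role on every database except local and config.
ANY_DATABASE: Dict[str, str] = {
    "readAnyDatabase": "read",
    "readWriteAnyDatabase": "readWrite",
    "userAdminAnyDatabase": "userAdmin",
    "dbAdminAnyDatabase": "dbAdmin",
}
EXCLUDED_FROM_ANY = {"local", "config"}


def find_user(users: List[dict], auth_db: str, name: str) -> Optional[dict]:
    """db.auth() only succeeds against the database recorded in the user's "db"
    field, which is why db.auth("lwl", ...) fails in storm and succeeds in admin."""
    for doc in users:
        if doc["user"] == name and doc["db"] == auth_db:
            return doc
    return None


def effective_actions(doc: dict, target_db: str) -> Set[str]:
    """Actions the user may perform on target_db under this simplified model."""
    actions: Set[str] = set()
    for grant in doc["roles"]:
        role = grant["role"]
        if role in ANY_DATABASE:
            if target_db not in EXCLUDED_FROM_ANY:
                actions |= ROLE_ACTIONS[ANY_DATABASE[role]]
        elif grant["db"] == target_db:
            actions |= ROLE_ACTIONS.get(role, set())
    return actions


def is_authorized(doc: dict, target_db: str, action: str) -> bool:
    """The check behind the "not authorized on storm to execute command" errors above."""
    return action in effective_actions(doc, target_db)


def audit(users: List[dict], dbs: List[str], action: str) -> Dict[str, List[str]]:
    """Which users can perform `action` on each database: a quick least-privilege review."""
    return {db: [doc["user"] for doc in users if is_authorized(doc, db, action)] for db in dbs}


if __name__ == "__main__":
    for action in ("find", "insert", "createUser"):
        print(action, audit(SYSTEM_USERS, ["admin", "storm", "local"], action))
```

Running the script reproduces the session results: storm_r can find but not insert on storm and has nothing on admin, while lwl can insert and create users anywhere except local and config. The same audit function is the thing to run against a real dump of admin.system.users when reviewing who holds AnyDatabase roles.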