Ways to enable MongoDB authorization:
1. Start mongod with --auth
2. Add auth = true to the configuration file mongod.conf
The first time --auth is enabled, the log shows:
2015-05-13T11:20:22.296+0800 I ACCESS [conn1] note: no users configured in admin.system.users, allowing localhost access
2015-05-13T11:20:22.297+0800 I ACCESS [conn1] Unauthorized not authorized on admin to execute command { getLog: "startupWarnings" }
2015-05-13T12:07:08.680+0800 I INDEX [conn1] build index on: admin.system.users properties: { v: 1, unique: true, key: { user: 1, db: 1 }, name: "user_1_db_1", ns: "admin.system.users" }
That is, no users have been defined yet, so mongod allows direct access from localhost.
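To check a server log for the state described above, the following added example (not part of the original post) parses log lines in the format shown here and reports whether the localhost-access notice appeared, which unauthorized commands were logged, and whether the first user has since been created. The function names are hypothetical, and treating the admin.system.users index build as the sign of the first user being created is an assumption drawn from the third log line above.

```javascript
// Added example: audit mongod log lines in the format shown on this page.
// Line shape: <timestamp> <severity> <COMPONENT> [<context>] <message>
const LINE_RE = /^(\S+)\s+([FEWID])\s+(\S+)\s+\[([^\]]+)\]\s+(.*)$/;

function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null;
  const [, ts, severity, component, context, message] = m;
  return { ts, severity, component, context, message };
}

// Walk the log in order and summarise what it says about access control.
function auditAuthLog(text) {
  const report = { localhostExceptionSeen: false, firstUserCreated: false,
                   unauthorized: [], unparsed: 0 };
  for (const raw of text.split(/\r?\n/)) {
    if (!raw.trim()) continue;
    const e = parseLine(raw);
    if (!e) { report.unparsed++; continue; }
    if (e.component === "ACCESS" &&
        /no users configured in admin\.system\.users/.test(e.message)) {
      report.localhostExceptionSeen = true;
    } else if (e.component === "ACCESS" && /^Unauthorized\b/.test(e.message)) {
      const db = /not authorized on (\S+) to execute command/.exec(e.message);
      report.unauthorized.push({ ts: e.ts, conn: e.context, db: db ? db[1] : null });
    } else if (e.component === "INDEX" &&
               /build index on: admin\.system\.users\b/.test(e.message)) {
      // Assumption: the unique index on admin.system.users is built when the
      // first user document is written, so this marks the first createUser.
      report.firstUserCreated = true;
    }
  }
  report.exceptionStillOpen =
    report.localhostExceptionSeen && !report.firstUserCreated;
  return report;
}

// The three log lines from this page, with typographic quotes normalised.
const SAMPLE_LOG = `2015-05-13T11:20:22.296+0800 I ACCESS [conn1] note: no users configured in admin.system.users, allowing localhost access
2015-05-13T11:20:22.297+0800 I ACCESS [conn1] Unauthorized not authorized on admin to execute command { getLog: "startupWarnings" }
2015-05-13T12:07:08.680+0800 I INDEX [conn1] build index on: admin.system.users properties: { v: 1, unique: true, key: { user: 1, db: 1 }, name: "user_1_db_1", ns: "admin.system.users" }`;

console.log(auditAuthLog(SAMPLE_LOG));
```

A report with exceptionStillOpen set to true means the server has authorization enabled but still has no users, so the first user should be created before the host is exposed to other local accounts.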
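After logging in with the mongo shell, create a suitable superuser:
use admin
// Note: MongoDB's documentation advises against granting __system to human
// or application users; the root role used for siteRootAdmin below is the
// built-in superuser role. Replace the example password "mongo" before use.
db.createUser({
  user: "mongo",
  pwd: "mongo",
  roles: [ { role: "__system", db: "admin" } ]
})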
http://docs.mongodb.org/manual/reference/method/db.createUser/
Grant a role to a user:
use admin
db.grantRolesToUser(
  "mongo",
  [
    { role: "readAnyDatabase", db: "admin" }
  ]
)
http://docs.mongodb.org/manual/tutorial/assign-role-to-user/
Users to create when enabling a replica set:
use admin
// pwd is left empty on the page: supply a password for each user before running.
db.createUser( {
  user: "siteUserAdmin",
  pwd: "",
  roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
});
db.createUser( {
  user: "siteRootAdmin",
  pwd: "",
  roles: [ { role: "root", db: "admin" } ]
});
http://docs.mongodb.org/manual/tutorial/deploy-replica-set-with-auth/