####mongodb版本 $ mongod --version
db version v3.0.7 git version: nogitversion
####添加admin用户
use admin
switched to db admin
db.createUser({user:'admin',pwd:'password123',roles:[{role:'root',db:'admin'}]})
Successfully added user: {
"user" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
####启用auth
systemLog:
destination: file
path: /usr/local/var/log/mongodb/mongo.log
logAppend: true
storage:
dbPath: /usr/local/var/mongodb
net:
bindIp: 127.0.0.1
#添加如下行
security:
authorization: enabled
####重新启动mongodb $ mongod -f /usr/local/etc/mongod.conf
####使用admin用户登录 > use admin
switched to db admin
> db.auth({user:'admin',pwd:'password123'})
1
> use db1
switched to db db1
> db.table1.find()
{ "_id" : ObjectId("57010327d2aad932b6e8d843"), "name" : "gongjun1", "age" : 26 }
{ "_id" : ObjectId("57010785d2aad932b6e8d845"), "name" : "hello", "age" : 123 }
{ "_id" : ObjectId("5701078cd2aad932b6e8d846"), "name" : "world", "age" : 12 }
{ "_id" : ObjectId("57010796d2aad932b6e8d847"), "name" : "jia", "age" : 45 }
{ "_id" : ObjectId("5701079fd2aad932b6e8d848"), "name" : "yi", "age" : 32 }
{ "_id" : ObjectId("570107d4d2aad932b6e8d849"), "name" : "jia", "age" : 45 }
{ "_id" : ObjectId("57010b3ed2aad932b6e8d84a"), "name" : "jia", "age" : "65" }
####新建readonly用户 使用read-user用户登录发现只能对db1的执行查询操作
db.createUser({user:'read-user',pwd:'123456',roles:[{role:'read',db:'db1'}]}) Successfully added user: { "user" : "read-user", "roles" : [ { "role" : "read", "db" : "db1" } ] }
> db.auth({user:'read-user',pwd:'123456'})
1
> show dbs
2016-04-04T11:22:56.549+0800 E QUERY Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
"code" : 13
}
at Error (<anonymous>)
at Mongo.getDBs (src/mongo/shell/mongo.js:47:15)
at shellHelper.show (src/mongo/shell/utils.js:630:33)
at shellHelper (src/mongo/shell/utils.js:524:36)
at (shellhelp2):1:1 at src/mongo/shell/mongo.js:47
> use db1
switched to db db1
> show tables
system.indexes
table1
> db.table1.find()
{ "_id" : ObjectId("57010327d2aad932b6e8d843"), "name" : "gongjun1", "age" : 26 }
{ "_id" : ObjectId("57010785d2aad932b6e8d845"), "name" : "hello", "age" : 123 }
{ "_id" : ObjectId("5701078cd2aad932b6e8d846"), "name" : "world", "age" : 12 }
{ "_id" : ObjectId("57010796d2aad932b6e8d847"), "name" : "jia", "age" : 45 }
{ "_id" : ObjectId("5701079fd2aad932b6e8d848"), "name" : "yi", "age" : 32 }
{ "_id" : ObjectId("570107d4d2aad932b6e8d849"), "name" : "jia", "age" : 45 }
{ "_id" : ObjectId("57010b3ed2aad932b6e8d84a"), "name" : "jia", "age" : "65" }
> db.table1.insert({"name" : "yi", "age" : 32 }) #执行插入报错
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on db1 to execute command { insert: \"table1\", documents: [ { _id: ObjectId('5701df5736ebd2a019bfb3f2'), name: \"yi\", age: 32.0 } ], ordered: true }"
}
})
> use local
switched to db local
> db.startup_log.find() #在local库中查询报错
Error: error: { "$err" : "not authorized for query on local.startup_log", "code" : 13 }