MongoDB 默认不需要用户名密码,但现实情况还是需要用户密码验证。本篇介绍基本的用户操作。
官网有很详细的例子 https://docs.mongodb.com/manual/reference/method/js-user-management/
下面是我的一部分总结。
MongoDB 默认以如下配置启动
dbpath=/usr/local/mongodb-linux-x86_64-rhel70-3.4.7/db
logpath=/usr/local/mongodb-linux-x86_64-rhel70-3.4.7/mongodb.log
port=27017
fork=true
logappend=true
先创建一个管理员账号
命令行登陆 mongodb, 在bin目录下执行 ./mongo
[root@localhost bin]# ./mongo
MongoDB shell version v3.4.7
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.7
Server has startup warnings:
2017-08-14T18:14:19.248+0800 I CONTROL [initandlisten]
2017-08-14T18:14:19.248+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2017-08-14T18:14:19.248+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2017-08-14T18:14:19.248+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2017-08-14T18:14:19.248+0800 I CONTROL [initandlisten]
2017-08-14T18:14:19.248+0800 I CONTROL [initandlisten]
2017-08-14T18:14:19.248+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2017-08-14T18:14:19.248+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2017-08-14T18:14:19.248+0800 I CONTROL [initandlisten]
2017-08-14T18:14:19.248+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2017-08-14T18:14:19.249+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2017-08-14T18:14:19.249+0800 I CONTROL [initandlisten]
>
在 admin 库下面创建超级用户,超级用户用于管理其他用户的权限
use admin
db.createUser({user:"admin", pwd:"admin", roles:[{role:"userAdminAnyDatabase", db:"admin"}]});
用户名为 admin 密码为 admin 角色为 userAdminAnyDatabase
关于角色 官网有详细说明 https://docs.mongodb.com/manual/reference/built-in-roles/#built-in-roles
创建普通用户
use demo
db.createUser({user:"demo_user", pwd:"123456", roles:[{role:"readWrite", db:"demo"}]});
在 demo 库下面创建了一个 demo_user 密码为 123456 有读写权限
查看库下面所有用户
use demo
db.getUsers()
使用admin用户修改普通用户密码
use admin
db.changeUserPassword("demo_user", "SOh3TbYhx8ypJPxmt1oOfL")
删除库下面用户
use demo
db.dropUser("demo_user");
删除库下面所有用户
use demo
db.dropAllUsers()
获取角色信息
use demo
db.getUser("demo_user")
开启权限需设置 auth=true 到 mongodb 启动配置文件
dbpath=/usr/local/mongodb-linux-x86_64-rhel70-3.4.7/db
logpath=/usr/local/mongodb-linux-x86_64-rhel70-3.4.7/mongodb.log
port=27017
fork=true
logappend=true
auth=true
重启mongodb
[root@localhost bin]# ps aux|grep mongod
root 8203 0.7 4.9 980176 50268 ? SLl 18:14 0:03 ./mongod --config mongodb.conf
root 8242 0.0 0.0 112648 956 pts/0 R+ 18:23 0:00 grep --color=auto mongod
[root@localhost bin]# kill -HUP 8203
[root@localhost bin]# ./mongod --config mongodb.conf
about to fork child process, waiting until server is ready for connections.
forked process: 8245
child process started successfully, parent exiting
[root@localhost bin]#
现在权限已生效
通过命令行登陆可以发现,执行命令提示没有权限
[root@localhost bin]# ./mongo
MongoDB shell version v3.4.7
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.7
> use demo
switched to db demo
> show collections
2017-08-14T18:25:24.277+0800 E QUERY [thread1] Error: listCollections failed: {
"ok" : 0,
"errmsg" : "not authorized on demo to execute command { listCollections: 1.0, filter: {} }",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype._getCollectionInfosCommand@src/mongo/shell/db.js:807:1
DB.prototype.getCollectionInfos@src/mongo/shell/db.js:819:19
DB.prototype.getCollectionNames@src/mongo/shell/db.js:830:16
shellHelper.show@src/mongo/shell/utils.js:762:9
shellHelper@src/mongo/shell/utils.js:659:15
@(shellhelp2):1:1
>
通过授权之后可以执行 show collections 命令可以获取结果
> db.auth("demo_user", "123456")
1
> show collections
restaurants
>
通过下面的方式可以直接登陆数据库并且已获得权限
[root@localhost bin]# ./mongo demo -u demo_user -p
MongoDB shell version v3.4.7
Enter password:
connecting to: mongodb://127.0.0.1:27017/demo
MongoDB server version: 3.4.7
> show collections
restaurants
>