Creating a MongoDB local database user: MongoDB user creation and authorization

This post walks through creating users, granting privileges and managing roles in MongoDB. It first starts MongoDB without --auth and creates an admin user with the root role. It then enables --auth, logs in as admin and creates an rwuser user with the readWrite role. Next it shows how to grant and revoke a user's roles, and how to create a user in a specific database. It also explains how to create a custom role and give it specific privileges such as find, update, insert and remove. Finally it discusses how to change the privileges of an existing role.

## 1. User authorization

## (1) Start mongod without --auth

```
/mongodb/bin/mongod --dbpath=/data/mongodb --logpath=/mongodb/logs/mongodb.log --logappend --journal --fork --port=27017
```

```
> use admin
switched to db admin
> db.dropDatabase();
{ "dropped" : "admin", "ok" : 1 }
> use admin
switched to db admin
```

## Create a user with the root role

```
> db.createUser({user:"admin",pwd:"admin", roles:[{role:"root", db:"admin"}]});
Successfully added user: {
    "user" : "admin",
    "roles" : [
        {
            "role" : "root",
            "db" : "admin"
        }
    ]
}
```

## (2) The related collections, including the new user's document, are now visible

```
> show collections;
system.indexes
system.users
system.version
> db.system.users.find();
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "2XdOg1YlUa5wwLj3Fx8WhA==", "storedKey" : "ENNWUOiKxfasE1Dz16qcXky44F4=", "serverKey" : "deQB8LeyV4wkT4bfDf8gmbXiO9I=" } }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
> db.system.indexes.find();
{ "v" : 1, "key" : { "_id" : 1 }, "name" : "_id_", "ns" : "admin.system.version" }
{ "v" : 1, "key" : { "_id" : 1 }, "name" : "_id_", "ns" : "admin.system.users" }
{ "v" : 1, "unique" : true, "key" : { "user" : 1, "db" : 1 }, "name" : "user_1_db_1", "ns" : "admin.system.users" }
> db.system.version.find();
{ "_id" : "authSchema", "currentVersion" : 5 }
>
```

## (3) Now start with --auth enabled

```
/mongodb/bin/mongod --dbpath=/data/mongodb --logpath=/mongodb/logs/mongodb.log --logappend --journal --fork --port=27017 --auth
```

## Connecting with a bare mongo, nothing can be done

```
[root@centos511 ~]# mongo
MongoDB shell version: 3.0.7
connecting to: test
> show dbs;
2016-01-13T16:01:12.396+0800 E QUERY  Error: listDatabases failed:{
    "ok" : 0,
    "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
    "code" : 13
}
    at Error ()
    at Mongo.getDBs (src/mongo/shell/mongo.js:47:15)
    at shellHelper.show (src/mongo/shell/utils.js:630:33)
    at shellHelper (src/mongo/shell/utils.js:524:36)
    at (shellhelp2):1:1 at src/mongo/shell/mongo.js:47
>
```

## (4) A user named admin with password admin was just created in the admin database; switch to the admin database before authenticating (authentication against any other db fails):

```
[root@centos511 ~]# mongo
MongoDB shell version: 3.0.7
connecting to: test
> db.auth("admin","admin");
Error: 18 Authentication failed.
0
> use my_mongodb;
switched to db my_mongodb
> db.auth("admin","admin");
Error: 18 Authentication failed.
0
> use admin;
switched to db admin
> db.auth("admin","admin")
1
```

## db.auth("admin","admin") returns 1, meaning the login succeeded!

## The db.auth("admin","admin") line leaves no record: after it runs, that line is not kept in the shell history.

## (5) Go to the admin database and log in directly with db.auth

```
> use admin;
switched to db admin
> db.auth("admin","admin");
1
```

## If the database name admin was mistyped, authenticate with the correct name admin via db.auth; once logged in, the mistyped database can be dropped directly

```
> use amin;
switched to db amin
> db.dropDatabase();
{ "ok" : 1 }
```

## Switch to the admin database and log in as the admin user

```
> use admin;
switched to db admin
> db.auth("admin","admin");
1
> show dbs;
admin  0.078GB
local  0.078GB
my_mongodb  0.078GB
test  0.078GB
```

## (6) So now create another user, rwuser, with the readWrite role (switch to the admin database to create it)

```
> db.createUser({user:"rwuser",pwd:"rwuser",roles:[{role:"readWrite",db:"my_mongodb"}]});
Successfully added user: {
    "user" : "rwuser",
    "roles" : [
        {
            "role" : "readWrite",
            "db" : "my_mongodb"
        }
    ]
}
> use my_mongodb
switched to db my_mongodb
> show tables;
system.indexes
user
```

## Authentication fails here

```
> db.auth("rwuser","rwuser");
Error: 18 Authentication failed.
0
```

## It can only authenticate against admin

```
> use admin
switched to db admin
> db.auth("rwuser","rwuser");
1
```

## Now switch to the my_mongodb test database; it can be used

```
> use my_mongodb
switched to db my_mongodb
> show tables;
system.indexes
user
```

## (7) A user's roles can be granted and revoked:

## Grant roles:

```
db.grantRolesToUser("username",[{role:"",db:""}]);
db.grantRolesToUser('rwuser',[{role:"dbOwner",db:"my_mongodb"}]);
```

## Revoke roles:

```
db.revokeRolesFromUser("username",[{role:"",db:""}]);
db.revokeRolesFromUser('rwuser',[{role:"readWrite",db:"my_mongodb"}]);
```

## Switch to the admin user

```
> use admin;
switched to db admin
> db.auth("admin","admin");
1
```

## Grant the dbOwner role and revoke the readWrite role

```
> db.grantRolesToUser('rwuser',[{role:"dbOwner",db:"my_mongodb"}]);
> db.revokeRolesFromUser('rwuser',[{role:"readWrite",db:"my_mongodb"}]);
```

## Authenticating directly in my_mongodb fails

```
> use my_mongodb;
switched to db my_mongodb
> db.auth("rwuser","rwuser");
Error: 18 Authentication failed.
0
> db
my_mongodb
```

## Switch to admin and log in

```
> use admin
switched to db admin
> db.auth("rwuser","rwuser");
1
> use my_mongodb;
switched to db my_mongodb
```

## dbOwner has the list collections, insert and find privileges

```
> show collections;
system.indexes
user
> db.user.save({"uid":3,"username":"Steven","age":27});
WriteResult({ "nInserted" : 1 })
> db.user.find({uid:3});
{ "_id" : ObjectId("56961538e8fc7d6a180d4607"), "uid" : 3, "username" : "Steven", "age" : 27 }
```

## (8) A user can be created in its own database, so there is no need to switch to admin, log in, and switch back every time

## 1) Log in as admin

```
> use admin;
switched to db admin
> db.auth("admin","admin");
1
```

## 2) Switch to the business database and create the user there; the new user can then authenticate directly in that database

```
> use my_mongodb
switched to db my_mongodb
> db.createUser({user:"usersteven",pwd:"usersteven",roles:[{role:"dbOwner",db:"my_mongodb"}]});
Successfully added user: {
    "user" : "usersteven",
    "roles" : [
        {
            "role" : "dbOwner",
            "db" : "my_mongodb"
        }
    ]
}
> db.auth("usersteven","usersteven");
1
```

## 2. Creating roles

## Switch to my_mongodb and create the role in the my_mongodb database

## roles: create the role "testRole" in the database "my_mongodb"

## privileges: the role can view ("find") every collection in the database "my_mongodb"

## db.dropRole("testRole") deletes the role

## (1) Switch to the admin database and log in as admin

```
> use admin;
switched to db admin
> db.auth("admin","admin");
1
```

## (2) Switch to my_mongodb and create the role with the action set to find

```
> db.createRole({role:"testRole",privileges:[{resource:{db:"my_mongodb",collection:""},actions:["find"]}],roles:[]});
{
    "role" : "testRole",
    "privileges" : [
        {
            "resource" : {
                "db" : "my_mongodb",
                "collection" : ""
            },
            "actions" : [
                "find"
            ]
        }
    ],
    "roles" : [ ]
}
```

## (3) Go to the admin database as the admin user and inspect the grants

```
> use admin;
switched to db admin
> show collections;
system.indexes
system.roles
system.users
system.version
> db.system.roles.find();
{ "_id" : "my_mongodb.testRole", "role" : "testRole", "db" : "my_mongodb", "privileges" : [ { "resource" : { "db" : "my_mongodb", "collection" : "" }, "actions" : [ "find" ] } ], "roles" : [ ] }
```

## (4) Back in my_mongodb, create the user userwill and grant it the custom role

```
> use my_mongodb
switched to db my_mongodb
> db.createUser({user:"userwill",pwd:"userwill",roles:[{role:"testRole",db:"my_mongodb"}]});
Successfully added user: {
    "user" : "userwill",
    "roles" : [
        {
            "role" : "testRole",
            "db" : "my_mongodb"
        }
    ]
}
```

## Exit, switch to my_mongodb, and log in as the new user userwill

```
> exit
bye
[root@centos511 ~]# mongo
MongoDB shell version: 3.0.7
connecting to: test
> use my_mongodb;
switched to db my_mongodb
> db.auth("userwill","userwill");
1
```

## find works

```
> db.user.find({uid:3});
{ "_id" : ObjectId("56961538e8fc7d6a180d4607"), "uid" : 3, "username" : "Steven", "age" : 27 }
```

## But it only has the query privilege:

```
> db.user.save({"uid":4,"username":"will","age":28});
WriteResult({
    "writeError" : {
        "code" : 13,
        "errmsg" : "not authorized on my_mongodb to execute command { insert: "user", documents: [ { uid: 4.0, username: "will", age: 28.0, _id: ObjectId('56963bd65a3618cf60c7e08a') } ], ordered: true }"
    }
})
```

## (5) Add three privileges to testRole, "update", "insert" and "remove", then retry the operation

## Granting privileges again requires switching to the admin database and logging in as admin

```
> use admin;
switched to db admin
> db.auth("admin","admin");
1
> db.grantPrivilegesToRole("testRole",[{resource:{db:"my_mongodb",collection:""},actions:["update","insert","remove"]}]);
```

## Exit and log in again

```
> exit
[root@centos511 ~]# mongo
MongoDB shell version: 3.0.7
connecting to: test
```

## Switch to the my_mongodb database

```
> use my_mongodb
switched to db my_mongodb
```

## Log in

```
> db.auth("userwill","userwill");
1
```

## The save now succeeds

```
> db.user.save({"uid":4,"username":"will","age":28});
WriteResult({ "nInserted" : 1 })
```

## The uid=4 record was saved

```
> db.user.find();
{ "_id" : ObjectId("56939ea79c8c3085fbb0283d"), "uid" : 2, "username" : "Jerry", "age" : 100 }
{ "_id" : ObjectId("56939ea79c8c3085fbb0283e"), "uid" : 1, "username" : "Tom", "age" : 25 }
{ "_id" : ObjectId("56961538e8fc7d6a180d4607"), "uid" : 3, "username" : "Steven", "age" : 27 }
{ "_id" : ObjectId("5697399f23598adf661315c3"), "uid" : 4, "username" : "will", "age" : 28 }
>
```

## Switch to the admin database to view the privileges: not allowed

```
> use admin;
switched to db admin
> db.system.roles.find();
Error: error: { "$err" : "not authorized for query on admin.system.roles", "code" : 13 }
```

## Only the admin user can view the privileges

```
> db.auth("admin","admin");
1
> db.system.roles.find();
{ "_id" : "my_mongodb.testRole", "role" : "testRole", "db" : "my_mongodb", "privileges" : [ { "resource" : { "db" : "my_mongodb", "collection" : "" }, "actions" : [ "find", "insert", "remove", "update" ] } ], "roles" : [ ] }
```

## (6) Changing a role's roles differs from granting or revoking: it is a complete replacement. Privileges can likewise be updated and replaced!

```
> use admin
switched to db admin
> db.auth("admin","admin")
1
> use my_mongodb
switched to db my_mongodb
> db.updateRole("testRole",{ roles:[{ role: "readWrite",db: "my_mongodb"}]},{ w:"majority" })
> db.auth("userwill","userwill");
1
> show dbs;
admin  0.078GB
local  0.078GB
my_mongodb  0.078GB
test  0.078GB
```
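Steps (5) and (6) show, in the server's own output, that grantPrivilegesToRole merged the new actions into the existing find privilege while updateRole replaced the roles array. The following added example, not code from the original post or from MongoDB itself, models those two semantics offline in plain JavaScript so the difference can be checked without a running server; the testRole document is constructed to match the post's system.roles output, and the function names mirror the shell helpers they imitate.

```javascript
// Added example, not from the original post: an offline model of how MongoDB edits a
// system.roles document. grantPrivilegesToRole merges actions into the matching resource;
// updateRole replaces each supplied field wholesale (the distinction drawn in steps (5) and (6)).
// A resource whose collection is "" covers every collection in that database.

function sameResource(a, b) {
  return a.db === b.db && a.collection === b.collection;
}

function clonePrivs(privs) {
  return privs.map(p => ({ resource: { ...p.resource }, actions: [...p.actions] }));
}
// Model of db.grantPrivilegesToRole(role, privileges): union per resource, no duplicates.
function grantPrivilegesToRole(roleDoc, privileges) {
  const out = clonePrivs(roleDoc.privileges);
  for (const priv of privileges) {
    const hit = out.find(p => sameResource(p.resource, priv.resource));
    if (!hit) { out.push({ resource: { ...priv.resource }, actions: [...priv.actions] }); continue; }
    for (const a of priv.actions) if (!hit.actions.includes(a)) hit.actions.push(a);
  }
  out.forEach(p => p.actions.sort()); // the post's system.roles output lists actions alphabetically
  return { ...roleDoc, privileges: out };
}

// Model of db.updateRole(role, update): a supplied privileges or roles field replaces
// the old value entirely; a field that is omitted is left untouched.
function updateRole(roleDoc, update) {
  const next = { ...roleDoc };
  if (update.privileges) next.privileges = clonePrivs(update.privileges);
  if (update.roles) next.roles = update.roles.map(r => ({ ...r }));
  return next;
}

// Does the role's own privilege list (inherited roles ignored) allow action on db.coll?
function allows(roleDoc, db, coll, action) {
  return roleDoc.privileges.some(p => p.resource.db === db &&
    (p.resource.collection === "" || p.resource.collection === coll) &&
    p.actions.includes(action));
}

// Constructed input: the testRole document as the post's createRole call produced it.
const testRole = {
  _id: "my_mongodb.testRole", role: "testRole", db: "my_mongodb",
  privileges: [{ resource: { db: "my_mongodb", collection: "" }, actions: ["find"] }],
  roles: [],
};
// Step (5) of the post: grant update/insert/remove on every collection of my_mongodb.
const granted = grantPrivilegesToRole(testRole,
  [{ resource: { db: "my_mongodb", collection: "" }, actions: ["update", "insert", "remove"] }]);
```

Running allows() against the role before and after the grant reproduces why userwill could find but not insert, and why admin.system.roles stayed off limits.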
