02 - MongoDB的用户与权限管理

1、MongDB用户权限列表

2、MongoDB用户使用

3、创建管理员账户 

[root@base210 ~]# mongo  #登录
MongoDB shell version v4.4.1
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("7cf13707-f4a9-47cb-9078-d9a4a8a3ac43") }
MongoDB server version: 4.4.1
---
The server generated these startup warnings when booting: 
        2020-10-11T17:39:25.687+08:00: Access control is not enabled for the database. Read and write access to data and configuration is unrestricted
        2020-10-11T17:39:25.688+08:00: You are running this process as the root user, which is not recommended
        2020-10-11T17:39:25.688+08:00: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. We suggest setting it to 'never'
        2020-10-11T17:39:25.688+08:00: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. We suggest setting it to 'never'
        2020-10-11T17:39:25.688+08:00: Soft rlimits too low
        2020-10-11T17:39:25.688+08:00:         currentValue: 1024
        2020-10-11T17:39:25.688+08:00:         recommendedMinimum: 64000
---
---
        Enable MongoDB's free cloud-based monitoring service, which will then receive and display
        metrics about your deployment (disk utilization, CPU, operation statistics, etc).

        The monitoring data will be available on a MongoDB website with a unique URL accessible to you
        and anyone you share the URL with. MongoDB may use this information to make product
        improvements and to suggest MongoDB products and deployment options to you.

        To enable free monitoring, run the following command: db.enableFreeMonitoring()
        To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---
#使用admin库
> use admin  
switched to db admin

#查看admin中的用户
> db.system.users.find()

#创建管理员用户
>db.createUser({user:"tanke",pwd:"111111",roles:[{role:"userAdminAnyDatabase",db:"admin"}]})
Successfully added user: {
        "user" : "tanke",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                }
        ]
}
#查看用户
>db.system.users.find()
{ "_id" : "admin.tanke", "userId" : UUID("bd7a3e7c-a352-41a3-969d-093e65b32910"), "user" : "tanke", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "SZOQQc5KN06fbrXL3cTKyw==", "storedKey" : "fExwZ5JdzL8I/VEriA33aLwBtZQ=", "serverKey" : "JF4UbDOz2lyhpeXs4DwR80RSgZg=" }, "SCRAM-SHA-256" : { "iterationCount" : 15000, "salt" : "zLYNh1xbA287Pu2EfHLub8hX9hue/mHH+ySQzA==", "storedKey" : "i4M3RwiUi7mcNuADc0jA6YYdJCT+m8dPF6WcU2IIznU=", "serverKey" : "S90LSHsnCvYbLhcW0KCh5FvX8sfXWKHn7te98RsVLs0=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }

创建管理员命令：

db.createUser({user:"tanke",pwd:"111111",roles:[{role:"userAdminAnyDatabase",db:"admin"}]})

4、使用权限方式启动MongDB

在默认的情况下MongDB是不开启用户认证的，如果我们添加用户，那么需要开启用户认证机制，通过修改mongdb.conf配置文件，在文件中添加auth=true 即可

#数据库路径
dbpath=/usr/local/mongodb/data/db
#日志路径
logpath=/usr/local/mongodb/log/mongodb.log
port=27017
#开放ip
bind_ip=0.0.0.0
#后端启动
fork=true
#开启认证
auth=true

关闭Mongodb 

> db.shutdownServer()
server should be down..

更改配置后，重启

[root@base210 ~]# mongod --config /usr/local/mongodb/etc/mongodb.conf 
about to fork child process, waiting until server is ready for connections.
forked process: 1831
child process started successfully, parent exiting
[root@base210 ~]# mongo
MongoDB shell version v4.4.1
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("fe27b789-2234-4690-bac0-20b28d4a93a3") }
MongoDB server version: 4.4.1
> use admin
switched to db admin
> db.system.users.find()
Error: error: {
        "ok" : 0,
        "errmsg" : "command find requires authentication",
        "code" : 13,
        "codeName" : "Unauthorized"
}

没有权限查看用户信息，需要使用认证函数:db.auth('用户名','密码')

> db.auth("tanke","111111")
1
#权限认证后就有了查看权限，可以查看用户了
> db.system.users.find()
{ "_id" : "admin.tianke", "userId" : UUID("bd7a3e7c-a352-41a3-969d-093e65b32910"), "user" : "tianke", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "SZOQQc5KN06fbrXL3cTKyw==", "storedKey" : "fExwZ5JdzL8I/VEriA33aLwBtZQ=", "serverKey" : "JF4UbDOz2lyhpeXs4DwR80RSgZg=" }, "SCRAM-SHA-256" : { "iterationCount" : 15000, "salt" : "zLYNh1xbA287Pu2EfHLub8hX9hue/mHH+ySQzA==", "storedKey" : "i4M3RwiUi7mcNuADc0jA6YYdJCT+m8dPF6WcU2IIznU=", "serverKey" : "S90LSHsnCvYbLhcW0KCh5FvX8sfXWKHn7te98RsVLs0=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
> 

5、创建数据库

use 命令切换数据库时如果该库不存在，那就则会创建该数据

> use test
switched to db test

6、创建普通用户

> db.createUser({user:"tanke",pwd:"111111",roles:[{role:"readWrite",db:"test"}]})
Successfully added user: {
        "user" : "tanke",
        "roles" : [
                {
                        "role" : "readWrite",
                        "db" : "test"
                }
        ]
}

认证登录,并查询数据

> use test
switched to db test
> db.test.find()
{ "_id" : ObjectId("5f82fcfbc52d675728a548bc"), "key" : "vaue" }
> 
> db.auth("tanke","111111")
1
> db.test.find()
{ "_id" : ObjectId("5f82fcfbc52d675728a548bc"), "key" : "vaue" }
> 
> 
> db.test.insert("1":"2")
uncaught exception: SyntaxError: missing ) after argument list :
@(shell):1:18
> db.test.insert({"1":"2"})
WriteResult({ "nInserted" : 1 })
> db.test.find()
{ "_id" : ObjectId("5f82fcfbc52d675728a548bc"), "key" : "vaue" }
{ "_id" : ObjectId("5f8303cc59ac62179d34dbe2"), "1" : "2" }