MongoDB users
- To make access to MongoDB safer, clients must present a username and password, so users have to be created in MongoDB.
- Security is managed through a role-user-database model.
- Commonly used built-in roles:
  - root: only available in the admin database; the superuser account with full privileges
  - read: allows the user to read the specified database
  - readWrite: allows the user to read and write the specified database
Viewing the users of the current database
Switch to the database, then run show users.
# list the users under admin
> use admin
> show users
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
Viewing all users
All users are stored in system.users under the admin database.
# the system.users collection only exists once a user has been created
> use admin
> show collections
system.users
system.version
> db.system.users.find().pretty()
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "Y6bNta3VDUJqk4xjQ0Vl2Q==",
"storedKey" : "qEmqVlt9RrhCI7YlVbFexFD/KRY=",
"serverKey" : "VW8aXgrus5gnIS91ctZtPkQ5Zbw="
}
},
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
{
"_id" : "student.student",
"user" : "student",
"db" : "student",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "r/47HvEW/Zl3DVABKhqkRw==",
"storedKey" : "XpU9+rFnY9GNvHCPHehUJd0sOEY=",
"serverKey" : "V5FhopPRzL5/l7daXcxYFhQp73g="
}
},
"roles" : [
{
"role" : "read",
"db" : "student"
}
]
}
{
"_id" : "student.studentW",
"user" : "studentW",
"db" : "student",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "ida3QywWsTAhjCd+cLOfvA==",
"storedKey" : "+YOrrJus5SCPZQ4zYxWXjMs/agA=",
"serverKey" : "o/mXTlmQW6umnRhNUHSTDBUiccM="
}
},
"roles" : [
{
"role" : "readWrite",
"db" : "student"
}
]
}
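The system.users documents above are exactly what a least-privilege review works from. The script below is an added example, not part of the original notes: it runs under Node.js on constructed copies of the three users shown above (credential blobs reduced to the fields the audit inspects) and flags users holding cluster-wide roles, roles granted on a database other than the user's own authentication database, and users whose only stored credential mechanism is SCRAM-SHA-1 (SCRAM-SHA-256 is available from MongoDB 4.0). The PRIVILEGED_ROLES list is this example's own choice of which built-in roles deserve a manual look; the role names themselves are real MongoDB built-ins.

```javascript
'use strict';

// Constructed sample mirroring the three users in the notes above; on a live
// server replace this with db.getSiblingDB('admin').system.users.find().toArray().
const SAMPLE_USERS = [
  { _id: 'admin.admin', user: 'admin', db: 'admin',
    credentials: { 'SCRAM-SHA-1': { iterationCount: 10000 } },
    roles: [{ role: 'root', db: 'admin' }] },
  { _id: 'student.student', user: 'student', db: 'student',
    credentials: { 'SCRAM-SHA-1': { iterationCount: 10000 } },
    roles: [{ role: 'read', db: 'student' }] },
  { _id: 'student.studentW', user: 'studentW', db: 'student',
    credentials: { 'SCRAM-SHA-1': { iterationCount: 10000 } },
    roles: [{ role: 'readWrite', db: 'student' }] },
];

// Built-in roles that grant cluster-wide or cross-database power (this set is
// the example's own selection of the MongoDB built-in role names).
const PRIVILEGED_ROLES = new Set([
  'root', 'userAdminAnyDatabase', 'dbAdminAnyDatabase', 'readWriteAnyDatabase',
  'readAnyDatabase', 'clusterAdmin', '__system',
]);

// Returns a list of { user, kind, detail } findings for the given user documents.
function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    for (const r of u.roles || []) {
      if (PRIVILEGED_ROLES.has(r.role)) {
        findings.push({ user: u._id, kind: 'privileged-role', detail: `${r.role}@${r.db}` });
      } else if (r.db !== u.db) {
        // A db-scoped role on a database other than the user's own auth db is
        // legitimate, but it is the kind of grant that drifts unnoticed.
        findings.push({ user: u._id, kind: 'cross-db-role', detail: `${r.role}@${r.db}` });
      }
    }
    // Only SCRAM-SHA-1 stored: the server cannot offer SCRAM-SHA-256 for this user.
    const mechs = Object.keys(u.credentials || {});
    if (mechs.length > 0 && !mechs.includes('SCRAM-SHA-256')) {
      findings.push({ user: u._id, kind: 'weak-mechanism', detail: mechs.join(',') });
    }
  }
  return findings;
}

// Stand-alone run: print the findings for the constructed sample.
console.log(JSON.stringify(auditUsers(SAMPLE_USERS), null, 2));

module.exports = { SAMPLE_USERS, PRIVILEGED_ROLES, auditUsers };
```

For the sample above the audit reports one privileged grant (root on admin) and three weak-mechanism findings; the read and readWrite users stay within their own database, so no cross-db finding appears. The auditUsers function body can also be pasted unchanged into the mongo shell and fed the live system.users array.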
Creating a superuser account
# switch to the admin database
> use admin
switched to db admin
> show collections
system.version
> db.createUser({
... user:'admin',
... pwd:'123',
... roles:[{role:'root',db:'admin'}]
... })
Successfully added user: {
"user" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> show users
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
Creating a read-only user
# switch to the student database and create a user with read access to student only
> use student
switched to db student
> db.createUser({
... user:'student',
... pwd:'123',
... roles:[{role:'read',db:'student'}]
... })
Successfully added user: {
"user" : "student",
"roles" : [
{
"role" : "read",
"db" : "student"
}
]
}
> show users
{
"_id" : "student.student",
"user" : "student",
"db" : "student",
"roles" : [
{
"role" : "read",
"db" : "student"
}
]
}
Creating a read-write user
# switch to the student database and create a user with read-write access to student only
> use student
> db.createUser({
... user:'studentW',
... pwd:'123',
... roles:[{role:'readWrite',db:'student'}]
... })
Successfully added user: {
"user" : "studentW",
"roles" : [
{
"role" : "readWrite",
"db" : "student"
}
]
}
Enabling authentication
- Edit the configuration file to turn authentication on
sudo vi /etc/mongodb.conf # add auth = true
- Restart the service
sudo service mongod stop
sudo service mongod start
- Connect from the terminal
# mongo --help
# administrator
mongo -u 'admin' -p '123' --authenticationDatabase 'admin'
# ordinary user
mongo -u student -p 123 --authenticationDatabase student
- Authentication failure
MongoDB shell version v3.4.0
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.0
2017-09-14T15:43:52.639+0800 E QUERY [main] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1459:20
@(auth):6:1
@(auth):1:2
exception: login failed
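The notes turn authentication on with the legacy key=value line auth = true. Installs that ship a YAML /etc/mongod.conf express the same setting as security.authorization: enabled, and a server started from a file that has neither silently accepts unauthenticated connections. The checker below is an added example, not part of the original notes: it is a small line-based reader for those two forms only (not a general YAML parser; flow-style mappings such as security: {authorization: enabled} are out of scope), run under Node.js against constructed config samples so it can be used as a pre-restart sanity check.

```javascript
'use strict';

// Constructed sample: the legacy key = value format the notes edit.
const LEGACY_CONF = `
# mongodb.conf (legacy key = value format)
dbpath = /var/lib/mongodb
logpath = /var/log/mongodb/mongodb.log
auth = true
`;

// Constructed sample: the YAML format used by newer mongod.conf files.
const YAML_CONF = `
# mongod.conf (YAML format)
storage:
  dbPath: /var/lib/mongodb
net:
  bindIp: 127.0.0.1
security:
  authorization: enabled
`;

// Constructed sample: a file that never mentions authentication at all.
const NO_AUTH_CONF = `
storage:
  dbPath: /var/lib/mongodb
`;

// Returns true only when the text explicitly enables authentication in either
// format: a top-level "auth = true", or "authorization: enabled" indented
// under a top-level "security:" block. Anything else is treated as disabled.
function authEnabled(confText) {
  let inSecurity = false;
  for (const raw of confText.split('\n')) {
    const line = raw.replace(/#.*$/, '').replace(/\s+$/, '');
    if (line.trim() === '') continue;
    // Legacy form: "auth = true" / "auth = false".
    const legacy = /^auth\s*=\s*(\S+)$/.exec(line.trim());
    if (legacy) return legacy[1].toLowerCase() === 'true';
    // YAML form: track whether the current line sits under "security:".
    const indent = line.length - line.trimStart().length;
    if (indent === 0) {
      inSecurity = /^security\s*:\s*$/.test(line);
    } else if (inSecurity) {
      const m = /^authorization\s*:\s*(\S+)$/.exec(line.trim());
      if (m) return m[1].toLowerCase() === 'enabled';
    }
  }
  return false;
}

// Stand-alone run: report each constructed sample.
for (const [name, text] of [['legacy', LEGACY_CONF], ['yaml', YAML_CONF], ['none', NO_AUTH_CONF]]) {
  console.log(`${name}: auth ${authEnabled(text) ? 'enabled' : 'DISABLED'}`);
}

module.exports = { LEGACY_CONF, YAML_CONF, NO_AUTH_CONF, authEnabled };
```

Run it against the real file with authEnabled(require('fs').readFileSync('/etc/mongod.conf', 'utf8')) before restarting the service; a false result means the restart will bring up a server that does not ask for credentials, which is the failure mode the page's "Authentication failed" error can never reveal.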
User management
- Modifying a user: the pwd and roles fields can be changed (updateUser takes the username and a single update document; an optional third argument is a write concern, not another update)
use student
db.updateUser('student', {pwd:'12345', roles:[{role:'read',db:'student'}]})
- Deleting a user
use student
db.dropUser('student')