
MongoDB user authentication

2015-07-30 15:50 423 views
Original article: /article/10353924.html

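By default MongoDB does not authenticate and has no accounts: anyone who can connect to the service can perform any operation on the databases. MongoDB's view is that the best way to stay secure is to run it in a trusted environment and make sure that only trusted machines can reach it. For environments with stricter requirements, that may not be secure enough.

MongoDB provides user authentication; to enable it, add --auth at startup.

Accounts need to be added before authenticating.

Add an administrator account:

By default there are no users in the system.

> use admin --switch to the admin database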

switched to db admin

> db.system.users.find();

> db.addUser("super","super") --add a superuser

WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' instead

Successfully added user: { "user" : "super", "roles" : [ "root" ] }

> db.system.users.find(); --query the user just added

{ "_id" : "admin.super", "user" : "super", "db" : "admin", "credentials" : { "MONGODB-CR" : "9c93023a901c2adf9c7377076b8c963a" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }

>

Add a regular account:

> use test --switch to the test database to add a regular user

switched to db test

> db.addUser("test","test")

WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' instead

Successfully added user: { "user" : "test", "roles" : [ "dbOwner" ] }

Add a read-only account:

> db.addUser("readonly","readonly",true) --add a read-only user

WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' instead

Successfully added user: { "user" : "readonly", "roles" : [ "read" ] }

>

List all the users just added:

> use admin

switched to db admin

> db.system.users.find();

{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : "7c67ef13bbd4cae106d959320af3f704" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }

{ "_id" : "test.db1", "user" : "db1", "db" : "test", "credentials" : { "MONGODB-CR" : "08a3bfa3cdef4464c4738a7180465adf" }, "roles" : [ { "role" : "dbOwner", "db" : "test" } ] }

{ "_id" : "admin.super", "user" : "super", "db" : "admin", "credentials" : { "MONGODB-CR" : "9c93023a901c2adf9c7377076b8c963a" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }

{ "_id" : "test.test", "user" : "test", "db" : "test", "credentials" : { "MONGODB-CR" : "a6de521abefc2fed4f5876855a3484f5" }, "roles" : [ { "role" : "dbOwner", "db" : "test" } ] }

{ "_id" : "test.readonly", "user" : "readonly", "db" : "test", "credentials" : { "MONGODB-CR" : "68eda9b099ddb587da03a33273a9f4da" }, "roles" : [ { "role" : "read", "db" : "test" } ] }

>

Start MongoDB with --auth to enable authentication

E:\mongodb\bin>mongod -f e:/mongodb/mongodb.conf

2014-09-14T11:12:07.609+0800

2014-09-14T11:12:07.609+0800 warning: 32-bit servers don't have journaling enabled by default. Please use --journal if you want durability.

2014-09-14T11:12:07.609+0800

The contents of mongodb.conf are as follows, with auth=true added:

dbpath=E:\mongodb\data

logpath=E:\mongodb\log\mongodb.log

logappend=true

bind_ip=127.0.0.1

port=27019

#fork=true

master=true

auth=true
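
The check below is an added example, not part of the original article: a Python script that parses a legacy key=value mongodb.conf like the one above and reports when authentication is off or the listener is reachable from other machines. The finding names and the WEAK_CONF sample are constructed for illustration, and the treatment of a missing bind_ip assumes a mongod of the article's era (2.6), which listens on all interfaces when bind_ip is unset.

```python
import ipaddress

# The article's mongodb.conf, verbatim.
PAGE_CONF = r"""
dbpath=E:\mongodb\data
logpath=E:\mongodb\log\mongodb.log
logappend=true
bind_ip=127.0.0.1
port=27019
#fork=true
master=true
auth=true
"""

# Constructed sample (not from the article): auth commented out, no bind_ip.
WEAK_CONF = r"""
dbpath=E:\mongodb\data
port=27019
#auth=true
"""

def parse_legacy_conf(text):
    """Parse the pre-YAML key=value mongod config format into a dict."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#fork=true' is a comment, not a setting
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # hostname rather than an IP literal
        return addr.lower() == "localhost"

def audit(text):
    """Return finding names (hypothetical labels) for one config file."""
    opts = parse_legacy_conf(text)
    findings = ["auth-disabled"] if opts.get("auth", "false").lower() != "true" else []
    binds = [b.strip() for b in opts.get("bind_ip", "").split(",") if b.strip()]
    # Assumption: 2.6-era mongod listens on every interface when bind_ip is unset.
    exposed = [b for b in binds if not is_loopback(b)] or ([] if binds else ["*"])
    findings += ["reachable-from:" + b for b in exposed]
    if exposed and "auth-disabled" in findings:
        findings.append("open-to-network-without-auth")
    return findings

print("page:", audit(PAGE_CONF) or "ok", "| weak:", audit(WEAK_CONF))
```
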

Verify authentication:

> use admin

switched to db admin

> show dbs --listing databases without authenticating fails

2014-09-14T13:28:45.953+0800 listDatabases failed:{

"ok" : 0,

"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",

"code" : 13

} at src/mongo/shell/mongo.js:47

>

> db.auth("super","super") --after authenticating, listing again works

1

> show dbs

admin 0.078GB

local 0.078GB

test 0.078GB

wangwei 0.078GB

>

Regular user authentication

> show dbs --listing databases without authenticating

2014-09-14T13:31:19.265+0800 listDatabases failed:{

"ok" : 0,

"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",

"code" : 13

} at src/mongo/shell/mongo.js:47

> db.auth("test","test")

1

> show dbs --listing databases still fails after authenticating, because this user belongs to test, not admin

2014-09-14T13:33:30.062+0800 listDatabases failed:{

"ok" : 0,

"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",

"code" : 13

} at src/mongo/shell/mongo.js:47

>

E:\mongodb\bin>mongo 127.0.0.1:27019

MongoDB shell version: 2.6.4

connecting to: 127.0.0.1:27019/test

> db.mycol.insert({"id":222}) --inserting a document without authenticating fails

WriteResult({

"writeError" : {

"code" : 13,

"errmsg" : "not authorized on test to execute command { insert: \"mycol\", documents: [ { _id: ObjectId('5415292f131751676caa7881'), id: 222.0 } ], ordered: true }"

}

})

> db.auth("test","test") --after authenticating, the insert succeeds

1

> db.mycol.insert({"id":222})

WriteResult({ "nInserted" : 1 })

>

Read-only user authentication

E:\mongodb\bin>mongo 127.0.0.1:27019

MongoDB shell version: 2.6.4

connecting to: 127.0.0.1:27019/test

> db.mycol.find() --querying without authenticating fails

error: { "$err" : "not authorized for query on test.mycol", "code" : 13 }

> db.auth("readonly"."readonly")

2014-09-14T13:38:16.265+0800 SyntaxError: Unexpected string

> db.auth("readonly","readonly")

1

> db.mycol.find() --after authenticating, the query succeeds

{ "_id" : ObjectId("5415294b131751676caa7882"), "id" : 222 }

>

> db.mycol.insert({"id":5555}) --after authenticating as the read-only user, the insert fails because the user is read-only

WriteResult({

"writeError" : {

"code" : 13,

"errmsg" : "not authorized on test to execute command { insert: \"mycol\", documents: [ { _id: ObjectId('541529ead090e8f5c50762b9'), id: 5555.0 } ], ordered: true }"

}

})

>