MongoDB 3.4.7 用户基本操做

时间 2019-11-17

原文原文链接

MongoDB 默认不须要用户名密码，但现实状况仍是须要用户密码验证。本篇介绍基本的用户操做。linux

官网有很详细的例子 https://docs.mongodb.com/manual/reference/method/js-user-management/mongodb

下面是个人一部分总结。shell

MongoDB 默认以以下配置启动数据库

dbpath=/usr/local/mongodb-linux-x86_64-rhel70-3.4.7/db
logpath=/usr/local/mongodb-linux-x86_64-rhel70-3.4.7/mongodb.log
port=27017
fork=true
logappend=true

先建立一个管理员帐号bash

命令行登录 mongodb, 在bin目录下执行 ./mongoapp

[root@localhost bin]# ./mongo
MongoDB shell version v3.4.7
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.7
Server has startup warnings: 
2017-08-14T18:14:19.248+0800 I CONTROL  [initandlisten] 
2017-08-14T18:14:19.248+0800 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2017-08-14T18:14:19.248+0800 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2017-08-14T18:14:19.248+0800 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2017-08-14T18:14:19.248+0800 I CONTROL  [initandlisten] 
2017-08-14T18:14:19.248+0800 I CONTROL  [initandlisten] 
2017-08-14T18:14:19.248+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2017-08-14T18:14:19.248+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-08-14T18:14:19.248+0800 I CONTROL  [initandlisten] 
2017-08-14T18:14:19.248+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2017-08-14T18:14:19.249+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-08-14T18:14:19.249+0800 I CONTROL  [initandlisten] 
>

在 admin 库下面建立超级用户，超级用户用于管理其余用户的权限ui

use admin
db.createUser({user:"admin", pwd:"admin", roles:[{role:"userAdminAnyDatabase", db:"admin"}]});

用户名为 admin 密码为 admin 角色为 userAdminAnyDatabasethis

关于角色官网有详细说明 https://docs.mongodb.com/manual/reference/built-in-roles/#built-in-rolesspa

建立普通用户prototype

use demo
db.createUser({user:"demo_user", pwd:"123456", roles:[{role:"readWrite", db:"demo"}]});

在 demo 库下面建立了一个 demo_user 密码为 123456 有读写权限

查看库下面全部用户

use demo
db.getUsers()

使用admin用户修改普通用户密码

use admin
db.changeUserPassword("demo_user", "SOh3TbYhx8ypJPxmt1oOfL")

删除库下面用户

use demo
db.dropUser("demo_user");

删除库下面全部用户

use demo
db.dropAllUsers()

获取角色信息

use demo
db.getUser("demo_user")

开启权限需设置 auth=true 到 mongodb 启动配置文件

dbpath=/usr/local/mongodb-linux-x86_64-rhel70-3.4.7/db
logpath=/usr/local/mongodb-linux-x86_64-rhel70-3.4.7/mongodb.log
port=27017
fork=true
logappend=true
auth=true

重启mongodb

[root@localhost bin]# ps aux|grep mongod
root      8203  0.7  4.9 980176 50268 ?        SLl  18:14   0:03 ./mongod --config mongodb.conf
root      8242  0.0  0.0 112648   956 pts/0    R+   18:23   0:00 grep --color=auto mongod
[root@localhost bin]# kill -HUP 8203
[root@localhost bin]# ./mongod --config mongodb.conf 
about to fork child process, waiting until server is ready for connections.
forked process: 8245
child process started successfully, parent exiting
[root@localhost bin]#

如今权限已生效

经过命令行登录能够发现，执行命令提示没有权限

[root@localhost bin]# ./mongo
MongoDB shell version v3.4.7
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.7
> use demo
switched to db demo
> show collections
2017-08-14T18:25:24.277+0800 E QUERY    [thread1] Error: listCollections failed: {
	"ok" : 0,
	"errmsg" : "not authorized on demo to execute command { listCollections: 1.0, filter: {} }",
	"code" : 13,
	"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype._getCollectionInfosCommand@src/mongo/shell/db.js:807:1
DB.prototype.getCollectionInfos@src/mongo/shell/db.js:819:19
DB.prototype.getCollectionNames@src/mongo/shell/db.js:830:16
shellHelper.show@src/mongo/shell/utils.js:762:9
shellHelper@src/mongo/shell/utils.js:659:15
@(shellhelp2):1:1
>

经过受权以后能够执行 show collections 命令能够获取结果

> db.auth("demo_user", "123456")
1
> show collections
restaurants
>

经过下面的方式能够直接登录数据库而且已得到权限

[root@localhost bin]# ./mongo demo -u demo_user -p
MongoDB shell version v3.4.7
Enter password: 
connecting to: mongodb://127.0.0.1:27017/demo
MongoDB server version: 3.4.7
> show collections
restaurants
>