MongoDB 3.0+ 安全权限访问控制
来源:互联网 发布:淘宝信誉积分怎么算 编辑:程序博客网 时间:2024/06/04 23:33
转自:http://blog.csdn.net/lk10207160511/article/details/50281883
MongoDB3.0+的权限,网上搜出来的解决方法都是3.0以下的版本的,所以不适合3.0+以上的版本,由于这版本改变的有些大,解决了很久,终于解决,下面把解决的步骤以及思路分享给大家。
一,不使用 --auth
1.首先,不使用--auth参数启动MongoDB:
- ./mongodb-linux-i686-3.0.0/bin/mongod -f mongodb-linux-i686-3.0.0/mongodb.conf
2.接着,在命令窗口中输入:
看到只有一个local数据库,admin是不存在的(这是3.0以上版本改变了的),我们需要自己给他创建个admin数据库。
3.打开 mongo shell:
- ./mongodb-linux-i686-3.0.0/bin/mongo
- use admin
- db.createUser(
- {
- user: "admin",
- pwd: "admin",
- roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
- }
- )
roles 中的 db 参数是必须的,不然会报错:Error: couldn’t add user: Missing expected field “db”。另外,有很多文章记录的是使用 db.addUser(…) 方法,这个方法是旧版的,3.0中已经不存在。详细:点击打开链接
5.切换到admin下,查看刚才创建的用户:
- show users
- 或
- db.system.users.find()
- { "_id" : "admin.buru", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "gwVwuA/dXvxgSHavEnlyvA==", "storedKey" : "l2QEVTEujpkCuqDEKqfIWbSv4ms=", "serverKey" : "M1ofNKXg2sNCsFrBJbX4pXbSgvg=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
二,使用--auth
1.使用--auth参数启动MongoDB:
- ./mongodb-linux-i686-3.0.0/bin/mongod
- ./mongodb-linux-i686-3.0.0/bin/mongo
- use admin
- db.auth("admin","admin") #认证,返回1表示成功
- 或
- ./mongodb-linux-i686-3.0.0/bin/mongo -u admin -p admin
此时
报错
- 2015-03-17T10:15:56.011+0800 EQUERYError: listCollections failed: {
- "ok" : 0,
- "errmsg" : "not authorized on admin to execute command { listCollections: 1.0 }",
- "code" : 13
- }
- at Error (<anonymous>)
- at DB._getCollectionInfosCommand (src/mongo/shell/db.js:643:15)
- at DB.getCollectionInfos (src/mongo/shell/db.js:655:20)
- at DB.getCollectionNames (src/mongo/shell/db.js:666:17)
- at shellHelper.show (src/mongo/shell/utils.js:625:12)
- at shellHelper (src/mongo/shell/utils.js:524:36)
- at (shellhelp2):1:1 at src/mongo/shell/db.js:643
因为,用户admin只有用户管理的权限。
3.下面创建用户,用户都跟着库走,创建的用户都是
- use test
- db.createUser(
- {
- user: "test1",
- pwd: "test1",
- roles: [
- { role: "readWrite", db: "test" }
- ]
- }
- )
- {
- "_id" : "test.test1",
- "user" : "test1",
- "db" : "test",
- "roles" : [
- {
- "role" : "readWrite",
- "db" : "test"
- }
- ]
- }
- use admin
- db.system.users.find()
- use admin
- db.system.users.find()
-
- { "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "gwVwuA/dXvxgSHavEnlyvA==", "storedKey" : "l2QEVTEujpkCuqDEKqfIWbSv4ms=", "serverKey" : "M1ofNKXg2sNCsFrBJbX4pXbSgvg=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
- { "_id" : "test.test1", "user" : "test1", "db" : "test", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "//xy1V1fbqEHC1gzQqZHGQ==", "storedKey" : "ZS/o54zzl/FdcXLQJ98KdAVTfF0=", "serverKey" : "iIpNYz2Gk8KhyK3zgz6muBt0PI4=" } }, "roles" : [ { "role" : "readWrite", "db" : "test" } ] }
6.创建完毕,验证一下:
- use admin
- show collections
- 2015-03-17T10:30:06.461+0800 EQUERYError: listCollections failed: {
- "ok" : 0,
- "errmsg" : "not authorized on buru to execute command { listCollections: 1.0 }",
- "code" : 13
- }
- at Error (<anonymous>)
- at DB._getCollectionInfosCommand (src/mongo/shell/db.js:643:15)
- at DB.getCollectionInfos (src/mongo/shell/db.js:655:20)
- at DB.getCollectionNames (src/mongo/shell/db.js:666:17)
- at shellHelper.show (src/mongo/shell/utils.js:625:12)
- at shellHelper (src/mongo/shell/utils.js:524:36)
- at (shellhelp2):1:1 at src/mongo/shell/db.js:643
7.显然没权限,先auth:
- db.auth("test1","test1")
- 1
- show collections
- news
- system.indexes
完毕!
启动指令:
不带权限:
/usr/local/mongodb/bin/mongod --dbpath=/mnt/install/mongodb/data --logpath=/mnt/install/mongodb/logs/mongodb.log --port=27017 --fork
带权限:
/usr/local/mongodb/bin/mongod --dbpath=/mnt/install/mongodb/data --logpath=/mnt/install/mongodb/logs/mongodb.log --port=27017 --auth --fork
0 0
