Shulou(Shulou.com)06/01 Report--

Mongodb Rights Management 02

Next, how to log in the password in the configuration file of mongodb?

We used this command directly before.

[root@prd3-mysql-0-36] # mongod-f / ivargo/app/mongodb/conf/mongo.conf-- auth

Our original configuration file

[root@prd3-mysql-0-36] # cat / ivargo/app/mongodb/conf/mongo.conf

Security:

Authorization: disabled / / just change disabled to enabled

This is fine. Here are our test results.

Change the configuration file above authorization: disabled to authorization: enabled

Then restart mongodb.

[root@prd3-mysql-0-36] # mongoMongoDB shell version v4.0.2connecting to: mongodb://127.0.0.1:27017MongoDB server version: 4.0.2 > show dbs 2019-05-21T14:28:35.425+0800 E QUERY [js] Error: listDatabases failed: {"ok": 0, "errmsg": "command listDatabases requires authentication", "code": 13 "codeName": "Unauthorized"}: _ getErrorWithCode@src/mongo/shell/utils.js:25:13Mongo.prototype.getDBs@src/mongo/shell/mongo.js:67:1shellHelper.show@src/mongo/shell/utils.js:876:19shellHelper@src/mongo/shell/utils.js:766:15@ (shellhelp2): 1:1 > use adminswitched to db admin > db.uWarning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus db.uadmin.u > use adminswitched to db admin > db.auWarning: unable to run listCollections Attempting to approximate collection names by parsing connectionStatus db.auth ('vargo','vargo123') 1 > show dbs Admin 0.000GBconfig 0.000GBdbabd 0.000GBlocal 0.000GB > exitbye [root@prd3-mysql-0-36] # mongoMongoDB shell version v4.0.2connecting to: mongodb://127.0.0.1:27017MongoDB server version: 4.0.2 > use adminswitched to db admin > db.auWarning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus db.auth ('majihui','majihui123') 1 > show dbsdbabd 0.000GB > exitbye

Summary of comprehensive experiments:

Step 2: create the highest privileged user without a password. The user_admin password is xxx.

We create a superuser.

Use admin

Db.createUser (

{

User: "user_admin"

Pwd: "xxx"

Roles: [{role: "root", db: "admin"}]

}

)

First, the specific operations without a password are as follows: [root@localhost data] # mongo-p 27017MongoDB shell version v3.4.10connecting to: mongodb://127.0.0.1:27017MongoDB server version: 3.4.10Server has startup warnings: 2019-05-28T21:03:52.718+0800 I CONTROL [main] * * WARNING:-- rest is specified without-- httpinterface 2019-05-28T21:03:52.719+0800 I CONTROL [main] * * enabling http interface2019-05-28T21:03:53.380+0800 I STORAGE [initandlisten] 2019-05-28T21:03:53.380+0800 I STORAGE [initandlisten] * * WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine2019-05-28T21:03:53.380+0800 I STORAGE [initandlisten] * * See http://dochub.mongodb.org/core/prodnotes-filesystem2019-05 28T21:08:17.070+0800 I CONTROL [initandlisten] 2019-05-28T21:08:17.071+0800 I CONTROL [initandlisten] * * WARNING: Access control is not enabled for the database.2019-05-28T21:08:17.071+0800 I CONTROL [initandlisten] * * Read and write access to data and configuration is unrestricted.2019-05-28T21:08:17.072+0800 I CONTROL [initandlisten] * * WARNING: You are running this process as the root user Which is not recommended.2019-05-28T21:08:17.072+0800 I CONTROL [initandlisten] > use adminswitched to db admin > db.createUser (. {... User: "user_admin", Pwd: "xxx", Roles: [{role: "root", db: "admin"}]. }) Successfully added user: {"user": "user_admin", "roles": [{"role": "root", "db": "admin"}]} > show users {"_ id": "admin.user_admin", "user": "user_admin", "db": "admin", "roles": [{"role": "root" "db": "admin"}]} / / if we log in to test, we can log in > use adminswitched to db admin > db.auth ('user_admin') 'xxx') 1 > show dbsBlockchainTransaction 0.000GBadmin 0.000GBanalysis 0.005GBapk-upgrade 0.000GBautotest 0.000GBblockchain 0.000GBdubbo-monitor 0.000GBlocal 0.000GBlogdb 0.000GBtest 0.000GBvconference 0.001GBvconsole 0. 002GBvemm-admin 0.003GBvmessage 0.011GBvphone 0.187GBvstore_db 1.994GBvtime 0.029GByapi 0.003GB

We then use encrypted mongo 27017 to make a backup.

The specific operations are as follows:

Mongodump-h localhost:27017-o / ivargo/data/mgdbback/

The actual operation is as follows

Mongodump-h localhost:27017-u user_admin-p xxx-o / ivargo/data/mgdbbackauth

/ / those that can be backed up successfully

One problem here is that the most privileged user, user_admin xxx, cannot access each table in mongodb individually.

We need to log in to each table and have more permissions to create each table.

He has more than a dozen libraries below, all of which are executed in this way. First, user separate tables are set up.

Use BlockchainTransaction

Db.createUser (

{

User: "useradmin"

Pwd: "xxxxx"

Roles: [{role: "dbOwner", db: "BlockchainTransaction"}]

}

)

Use analysis

Db.createUser (

{

User: "useradmin"

Pwd: "xxxxx"

Roles: [{role: "dbOwner", db: "analysis"}]

}

)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.