
MongoDB enables authentication

2025-04-06 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

MongoDB supports various authentication mechanisms. This article enables access control on a stand-alone mongod instance and uses the default authentication mechanism.

User administrator

After you enable access control, make sure that you have a user with the userAdmin or userAdminAnyDatabase role in the admin database. This user can manage users and roles: creating users, granting or revoking user roles, and creating or modifying user-defined roles. You can create users before or after enabling access control. If access control is enabled before any user is created, MongoDB provides a localhost exception, which allows you to create a user administrator in the admin database. Once it is created, you must authenticate as the user administrator to create other users as needed.

The following procedure first adds a user administrator to a MongoDB instance that is running without access control, and then enables access control.

1. Create a user administrator

In the admin database, add a user with the userAdminAnyDatabase role. The following creates a user justin in the admin database:

Note: the database in which you create the user (admin in this example) is the user's authentication database. Although the user authenticates against this database, the user can have roles in other databases; that is, the user's authentication database does not restrict the user's permissions.

    [root@localhost bin]# pwd
    /opt/mongodb-3.4.6/bin
    [root@localhost bin]# ./mongo --port 9981
    MongoDB shell version v3.4.6
    connecting to: mongodb://127.0.0.1:9981/
    MongoDB server version: 3.4.6
    Welcome to the MongoDB shell.
    For interactive help, type "help".
    For more comprehensive documentation, see
        http://docs.mongodb.org/
    Questions? Try the support group
        http://groups.google.com/group/mongodb-user
    Server has startup warnings:
    2017-12-20T00:45:44.490+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
    2017-12-20T00:45:44.490+0800 I CONTROL [initandlisten]
    > use admin
    switched to db admin
    > db.createUser(     // press Enter
    ... {                // press Enter, same for the lines below
    ... user: "justin",
    ... pwd: "51cto",
    ... roles: [{role: "userAdminAnyDatabase", db: "admin"}]
    ... }
    ... )
    Successfully added user: {"user": "justin", "roles": [{"role": "userAdminAnyDatabase", "db": "admin"}]}
    > exit
    bye
    [root@localhost bin]#

2. Modify the mongodb configuration file to enable authentication

    [root@localhost bin]# cat ../conf/mongodb.conf
    bind_ip = 0.0.0.0
    port = 9981
    fork = true
    dbpath = /opt/mongodb-3.4.6/data
    pidfilepath = /var/run/mongod.pid
    logpath = /opt/mongodb-3.4.6/logs/mongod.log
    logappend = true
    auth = true
    [root@localhost bin]# systemctl restart mongodb.service
    [root@localhost bin]#

3. Connect and authenticate as the user administrator

You can authenticate during the connection, using -u, -p, and --authenticationDatabase, or authenticate after connecting: switch to the authentication database (in this case, admin) and authenticate using the db.auth(<username>, <password>) method.

    [root@localhost bin]# ./mongo --port 9981 -u "justin" -p "51cto" --authenticationDatabase "admin"
    MongoDB shell version v3.4.6
    connecting to: mongodb://127.0.0.1:9981/
    MongoDB server version: 3.4.6
    > exit
    bye
    [root@localhost bin]# ./mongo --port 9981
    MongoDB shell version v3.4.6
    connecting to: mongodb://127.0.0.1:9981/
    MongoDB server version: 3.4.6
    > use admin
    switched to db admin
    > db.auth("justin", "51cto")
    1
    > exit
    bye
    [root@localhost bin]#

4. Create additional users as needed

After the administrator user authenticates, you can use db.createUser() to create other users. Users can be assigned any built-in roles or user-defined roles.

The myUserAdmin user only has permissions to manage users and roles. If you use myUserAdmin to attempt any other operation, such as reading data from the foo collection in the ywbz database, MongoDB returns an error.

The following operation creates the user csdp in the ywbz database, with the readWrite role in the ywbz database and the read role in the reporting database.

Note: the database in which you create the user (ywbz in this example) is the authentication database for that user. Although the user authenticates against this database, the user can have roles in other databases; that is, the user's authentication database does not restrict the user's permissions.

    [root@localhost bin]# ./mongo --port 9981 -u "justin" -p "51cto" --authenticationDatabase "admin"
    MongoDB shell version v3.4.6
    connecting to: mongodb://127.0.0.1:9981/
    MongoDB server version: 3.4.6
    > use ywbz
    switched to db ywbz
    > db.createUser(
    ... {
    ... user: "csdp",
    ... pwd: "51cto",
    ... roles: [{role: "readWrite", db: "ywbz"},    // user csdp has read and write permissions in database ywbz
    ...         {role: "read", db: "reporting"}]    // user csdp has read permission in database reporting
    ... }
    ... )
    Successfully added user: {"user": "csdp", "roles": [{"role": "readWrite", "db": "ywbz"}, {"role": "read", "db": "reporting"}]}
    > exit
    bye
    [root@localhost bin]#
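As an added example (not part of the original article), the following shell functions check an ini-style mongod configuration like the one in step 2 and report whether authentication is enabled and, if it is not, whether bind_ip leaves the instance reachable from other hosts. The function names conf_get and audit_mongod_conf and the verdict words are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an ini-style mongod config ("key = value", as in step 2).

# conf_get FILE KEY: print the last value assigned to KEY (comment lines skipped).
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# audit_mongod_conf FILE: print a verdict; return 0 only when auth is enabled.
#   ok            auth = true
#   local-noauth  no auth, but every bind_ip entry is a loopback address
#   exposed       no auth and reachable from other hosts (a missing bind_ip
#                 is treated as exposed, a conservative assumption)
audit_mongod_conf() {
    if [ "$(conf_get "$1" auth)" = "true" ]; then
        echo ok; return 0
    fi
    bind=$(conf_get "$1" bind_ip | tr -d ' \t')
    [ -n "$bind" ] || { echo exposed; return 2; }
    old_ifs=$IFS; IFS=,
    for ip in $bind; do
        case "$ip" in
            127.0.0.1|localhost|::1) ;;
            *) IFS=$old_ifs; echo exposed; return 2 ;;
        esac
    done
    IFS=$old_ifs
    echo local-noauth; return 1
}

# Constructed sample: the step 2 settings with the auth line left out.
demo=$(mktemp)
printf 'bind_ip = 0.0.0.0\nport = 9981\nfork = true\n' > "$demo"
echo "without auth: $(audit_mongod_conf "$demo")"
echo 'auth = true' >> "$demo"
echo "with auth:    $(audit_mongod_conf "$demo")"
rm -f "$demo"
```

The non-zero return codes let the check run from a deployment script before the service is restarted.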
