Shulou(Shulou.com)05/31 Report--

How to use MySQL to learn authorization and permissions in MongoDB, I believe that many inexperienced people are at a loss about this. Therefore, this paper summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

The security of the database is the key part of every DBA. After the establishment of the database, the security of the data is particularly important.

How to use MySQL to learn the authorization and authority of MongoDB

For a database administrator, security means that he must ensure that users with special data access rights can log on to the database server, access data and perform various operations on database objects; at the same time, DBA also prevents illegal operations by all unauthorized users.

1. MySQL authorization and permissions

There are two levels of permissions in MySQL: administrative and user. All permissions can be granted and revoked using GRANT and REVOKE statements, respectively. Users can be granted permissions such as create, select, update, delete, insert, execute, index, etc., as well as system permissions such as alter, drop, and shutdown. The root user root has all permissions by default.

2. MongoDB authorization and permissions

When the official document starts the MongoDB service without adding any parameters, you can operate on the database at will, and you can access the database remotely, so it is recommended that you do not set any parameters only when you are developing. If you specify the-- auth parameter at startup, you can block access and connections at the root level

(1) only a certain ip is allowed to access

Mongod--bind_ip127.0.0.1

(2), designated service port

Mongod--bind_ip127.0.0.1--port27888

(3) add user authentication

Mongod--bind_ip127.0.0.1--port27888-auth

(4) add users

When MongoDB is installed, there is an admin database by default, and admin.system.users will hold more user information than the user rights set in other databases.

When there is no user in admin.system.users, even if the-auth parameter is added when mongod starts, if no user is added to the admin database, anything can be done without any authentication until a user is added to admin.system.users.

How to use MySQL to learn the authorization and authority of MongoDB

Below, create two users, and create a user with the user name user1 and password pwd1 in foo, as follows:

[chinastor.com-root@localhostbin] #. / mongo--port27888MongoDBshellversion:1.8.1connectingto:test > usefooswitchedtodbfoo > db.addUser ("user1", "pwd1") {"user": "user1", "readOnly": false, "pwd": "35263c100eea1512cf3c3ed83789d5e4"}

Www.itjs.cn

Create a user with the username root and password pwd2 in admin as follows: www.itjs.cn

Useadminswitchedtodbadmin > db.addUser ("root", "pwd2") {"_ id": ObjectId ("4f8a87bce495a88dad4613ad"), "user": "root", "readOnly": false, "pwd": "20919e9a557a9687c8016e314f07df42"} > db.auth ("root", "pwd2") 1 >

If the authentication is successful, 1 is displayed, and you can view the user information for a specific database with the following command: www.itjs.cn

> useadminswitchedtodbadmin > db.system.users.find (); {"_ id": ObjectId ("4f8a87bce495a88dad4613ad"), "user": "root", "readOnly": false, "pwd": "20919e9a557a9687c8016e314f07df42"} > usefooswitchedtodbfoo > db.system.users.find (); {"_ id": ObjectId ("4f92966d77aeb2b2e730c1bb"), "user": "user1", "readOnly": false, "pwd": "35263c100eea1512cf3c3ed83789d5e4"} >

Let's test whether the user's permission settings are correct: www.itjs.cn

[chinastor.com-root@localhostbin] #. / mongo--port27888MongoDBshellversion:1.8.1connectingto:127.0.0.1:27888/test > usefooswitchedtodbfoo > db.system.users.find (); error: {"$err": "unauthorizeddb:foolocktype:-1client:127.0.0.1", "code": 10057} > useadminswitchedtodbadmin > db.system.users.find (); error: {"$err": "unauthorizeddb:adminlocktype:-1client:127.0.0.1", "code": 10057} >

Notify the above experimental results, indicating that there will be an error if you do not specify a user name and password when logging in, that is, the deployment of security is effective. Let me take a look at another scene:

[chinastor.com-root@localhostbin] #. / mongo--port27888-uroot-ppwd2MongoDBshellversion:1.8.1connectingto:127.0.0.1:27888/testSatApr2119:23:15uncaughtexception:loginfailedexception:loginfailed

Strange, we clearly specified the user name and the password is not wrong, then let's see if there is any valuable information on the system log:

Auth:couldn'tfinduserroot,test.system.users

Oh, I see. It means that when connecting to mongodb, if you do not specify a library name, you will automatically connect to the test library, but none of the users we created just now are established on the test library, so we need to display the name of the library to which you want to connect:

[chinastor.com-root@localhostbin] #. / mongo--port27888admin-uroot-ppwd2MongoDBshellversion:1.8.1connectingto:127.0.0.1:27888/admin > showcollections;system.indexessystem.users > usefooswitchedtodbfoo > showcollectionssystem.indexessystem.userst1 >

What we see is that the user root has the permissions to operate all the libraries, so what permissions does the user user1 have? we will know as soon as we try:

[chinastor.com-root@localhostbin] #. / mongo--port27888foo-uuser1-ppwd1MongoDBshellversion:1.8.1connectingto:127.0.0.1:27888/foo > showcollections;system.indexessystem.userst1 > usetestswitchedtodbtest > showcollectionsSatApr2119:28:25uncaughtexception:error: {"$err": "unauthorizeddb:testlocktype:-1client:127.0.0.1", "code": 10057} >

From the results, we can see that because user1 is a user established in the foo library, it does not have permission to operate other databases, or even test libraries.

After reading the above, do you know how to use MySQL to learn authorization and permissions in MongoDB? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.