Creating Users in MongoDB

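Installing MongoDB from the binary distribution is extremely simple: just follow the official documentation. By default, however, there is no user authentication. It runs very efficiently that way, but it is not very secure.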

The steps below show how to enable user authentication with the auth option (I have not looked at the keyFile method yet).

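1) Start mongodb without the --auth parameter
2) Create a User Administrator.
MongoDB has no all-powerful superuser like root, but it does have the User Administrator, which can manage other users but has no other special privileges.
A user who has been granted the userAdminAnyDatabase role becomes a User Administrator.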

use admin;
or:
db = db.getSiblingDB('admin')
Add the user:
db.addUser( { user: "root",
              pwd: "123456",
              roles: [ "userAdminAnyDatabase" ] } )
 
List all users in the admin database:
use admin;
db.system.users.find();
{ "_id" : ObjectId("xxxxxx"), "pwd" : "xxxxxxxxxxxxxxxxxxxxxxxxxxx", "roles" : [  "userAdminAnyDatabase" ], "user" : "root" }

This adds a User Administrator named root, with the password 123456, to the admin database.

3) Start mongodb with the --auth parameter

4) Log in as the User Administrator and authenticate.

[root@yw-0-0 logs]# mongo  xxx.xxx.xx.xxx
MongoDB shell version: 2.2.3
connecting to: xxx.xxx.xx.xxx/test
> use admin;
switched to db admin
# Authenticate; 1 means success
> db.auth("root", "123456");
1
# List all users in the admin database:
> db.system.users.find();
{ "_id" : ObjectId("xxxxxx"), "pwd" : "xxxxxxxxxxxxxxxxxxxxxxxxxxx", "roles" : [  "userAdminAnyDatabase" ], "user" : "root" }
> 
# Listing all tables is refused as unauthorized, because the root user we created only has user-management privileges:
> show tables;
Tue Sep 24 10:37:00 EXEC error: src/mongo/shell/query.js:128 error: {
        "$err" : "not authorized for query on cleanmaster.system.namespaces",
        "code" : 16550
}
throw "error: " + tojson( ret );

5) Create other users

Users are tied to a database, and each user's information is stored in that database's system.users collection.
When adding a user to multiple databases, you must define the user for each database.

> use cm;
# Create user cm with password 123456 and the roles readWrite and dbAdmin
> db.addUser( { user: "cm",pwd: "123456",roles: [ "readWrite", "dbAdmin" ]} )
Tue Sep 24 10:53:51 EXEC error: src/mongo/shell/db.js:64 password can't be empty
throw "password can't be empty";
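This problem had me stuck for a long time...
I eventually found that the client was 2.2.3 while the server was 2.4.6...
Switching to the latest client fixed it: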
 
> db.addUser( { user: "cm",pwd: "123456",roles: [ "readWrite", "dbAdmin" ]} )
{
        "user" : "cm",
        "pwd" : "687312e8f13ef54ec5d213f4eadf1d98",
        "roles" : [
                "readWrite",
                "dbAdmin"
        ],
        "_id" : ObjectId("5241005872de6152c88ca17d")
}
 
> db.system.users.find();
{ "_id" : ObjectId("5241005872de6152c88ca17d"), "user" : "cm", "pwd" : "687312e8f13ef54ec5d213f4eadf1d98", "roles" : [  "readWrite",  "dbAdmin" ] }
> use cm
# Authenticate as the new user:
> db.auth("cm","123456");
1
> show tables;
system.indexes
system.users

6) Change a password

db = db.getSiblingDB('cm')
# Change the password to 1-6
db.changeUserPassword("cm", "1-6")
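
As an added example (not code from the original post): a Node.js script that reviews system.users documents like the ones printed above and reports accounts that can manage users, hold roles spanning all databases, or mix user administration with data access. The finding labels, the { db, doc } input shape and the sample users ops and typo are assumptions made for illustration.

```javascript
// Added example: review system.users documents (MongoDB 2.4 format, as
// printed by db.system.users.find() in this post) for risky role grants.
const USER_ADMIN = ["userAdmin", "userAdminAnyDatabase"];
const WIDE_SCOPE = ["userAdminAnyDatabase", "dbAdminAnyDatabase",
                    "readWriteAnyDatabase", "readAnyDatabase", "clusterAdmin"];

// entries: [{ db, doc }], where doc is one system.users document from db.
// Returns a list of { db, user, issue } findings (hypothetical format).
function auditUsers(entries) {
  const findings = [];
  for (const { db, doc } of entries) {
    const add = (issue) => findings.push({ db, user: doc.user || null, issue });
    // Field names are case-sensitive: a "USER" key is not the "user" field.
    if (typeof doc.user !== "string" || doc.user === "") {
      add("no-user-field");
      continue;
    }
    const roles = Array.isArray(doc.roles) ? doc.roles : [];
    if (roles.length === 0) add("no-roles");
    const admin = roles.filter((r) => USER_ADMIN.includes(r));
    const wide = roles.filter((r) => WIDE_SCOPE.includes(r));
    const other = roles.filter((r) => !USER_ADMIN.includes(r));
    // Accounts that can create users and assign roles: list every one.
    if (admin.length > 0) add("manages-users:" + admin.join(","));
    // Roles that apply to every database or to the whole cluster.
    if (wide.length > 0) add("all-databases:" + wide.join(","));
    // The post keeps user management apart from data access; flag a mix.
    if (admin.length > 0 && other.length > 0) add("user-admin-plus:" + other.join(","));
  }
  return findings;
}

// Constructed sample input: root and cm mirror the users created in the
// post; "ops" and the "USER" document are made up for illustration.
const SAMPLE = [
  { db: "admin", doc: { user: "root", pwd: "x", roles: ["userAdminAnyDatabase"] } },
  { db: "cm", doc: { user: "cm", pwd: "x", roles: ["readWrite", "dbAdmin"] } },
  { db: "admin", doc: { user: "ops", pwd: "x",
                        roles: ["userAdminAnyDatabase", "readWriteAnyDatabase"] } },
  { db: "cm", doc: { USER: "typo", pwd: "x", roles: ["readWrite"] } },
];

for (const f of auditUsers(SAMPLE)) {
  console.log(`${f.db}.${f.user}: ${f.issue}`);
}
```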

7) Postscript
I wrote this post because nothing that Baidu turned up was reliable!

References:

http://docs.mongodb.org/manual/administration/security-access-control/

http://docs.mongodb.org/manual/reference/privilege-documents/#.system.users

About 花荣

He is the founder, designer, and managing editor of zhaokunyao.com, and he is perpetually behind schedule.

One Response to Creating Users in MongoDB

  1. says:

    Actually, there really is an equivalent of MySQL's root user. For example:
    dbAdminAnyDatabase
    readWriteAnyDatabase
    readAnyDatabase
    clusterAdmin
