mongodb 3.0.x 添加用户名和密码设置权限

来源:互联网 时间:1970-01-01


mongodb 3.0.x 添加用户名,密码,权限设置

最近遇到关于mongodb 3.0.x权限设置的问题,做了一下总结:

  • 第一给mongodb 3.0.x 添加user
第一步修改配置文件:[email protected]:~$ sudo gedit /etc/mongod.conf将下面security: authorization: enabled改为#security保存退出[email protected]:~$ ps -ef | grep [email protected]:~$ sudo kill [email protected]:~$ sudo service mongod [email protected]:~$ mongoMongoDB shell version: 3.0.7connecting to: testServer has startup warnings: 2015-10-27T17:01:07.973+0800 I CONTROL [initandlisten] 2015-10-27T17:01:07.973+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.2015-10-27T17:01:07.973+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'2015-10-27T17:01:07.973+0800 I CONTROL [initandlisten] 2015-10-27T17:01:07.973+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.2015-10-27T17:01:07.973+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'2015-10-27T17:01:07.973+0800 I CONTROL [initandlisten] > show dbsadmin 0.078GBlocal 0.078GB> use adminswitched to db admin> db.createUser(... {... user:"admin",... pwd:"admin",... roles:[{role:"userAdminAnyDatabase",db:"admin"},{role:"readWriteAnyDatabase",db:"admin"}]... }... )Successfully added user: { "user" : "admin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ]}> db.system.users.find(){ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "bUhMAodI9w6OPDt9GL5Auw==", "storedKey" : "jBhWrBoYjwz86PqlCUTMkSh3h2A=", "serverKey" : "DMq1OYN45RfPjWIi4jFKNW6BJ6k=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ] }> exitbye接下来在配置文件中恢复认证[email protected]:~$ sudo gedit /etc/mongod.conf改#security:为security: authorization: enabled保存退出接下来[email protected]:~$ ps -ef | grep [email protected]:~$ sudo kill [email protected]:~$ sudo service mongod start然后在mongo shell操作(注意1.该方式添加的用户不能用Robomongo 0.8.5连接,具体原因在下面;注意2.既然认证了就要先db.auth('xxx','xxx')返回1后再进行其他操作)如下操作[email protected]:~$ mongoMongoDB shell version: 3.0.7connecting to: test> use adminswitched to db admin> db.auth('admin','admin')1>show dbsadmin 0.078GBlocal 0.078GB
  • 第二用Robomongo 0.8.5连接mongodb 3.0.x
    应该有很多同学用第一种方式设置好用户后,用Robomongo 0.8.5连接mongodb 3.0.x会发现怎么都连接不上,
    为什么呢?
    咱先看下日志文件会发现有这么一句
    2015-10-27T09:28:47.588+0800 I ACCESS [conn5] Failed to authenticate [email protected] with mechanism MONGODB-CR: AuthenticationFailed UserNotFound Could not find user [email protected]
    原来,在mongodb 2.x采用的默认认证机制是MONGODB-CR
    而在mongodb官网说明中mongodb 3.0.x采用的认证机制是SCRAM-SHA-1
    而Robomongo 0.8.5的认证机制并没有升级(个人推测,也有可能可以在Robomongo哪个配置文件可以设置一下也不一定)
    下面就是如何操作:
第一步修改配置文件:[email protected]:~$ sudo gedit /etc/mongod.conf将下面security: authorization: enabled改为#security保存退出[email protected]:~$ ps -ef | grep [email protected]:~$ sudo kill [email protected]:~$ sudo service mongod [email protected]:~$ mongoMongoDB shell version: 3.0.7connecting to: test2015-10-27T18:10:13.137+0800 I CONTROL [initandlisten] 2015-10-27T18:10:13.138+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.2015-10-27T18:10:13.138+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'2015-10-27T18:10:13.138+0800 I CONTROL [initandlisten] 2015-10-27T18:10:13.138+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.2015-10-27T18:10:13.138+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'2015-10-27T18:10:13.138+0800 I CONTROL [initandlisten] > show dbsadmin 0.078GBlocal 0.078GB> use adminswitched to db admin> show collectionssystem.indexessystem.userssystem.version> db.system.version.find(){ "_id" : "authSchema", "currentVersion" : 5 }从上面可以看到"currentVersion" : 5 currentVersion为5则表示当前数据库的认证机制是SCRAM-SHA-1而在mongodb 2.x中采用的默认认证机制是MONGODB-CR所以想要在3.x版本中使用Robomongo 0.85中使用用户名密码连接数据库则可以将mongodb的数据库认证机制(当前为SCRAM-SHA-1)改为MONGODB-CR那如何改呢?请看下面操作:> var schema=db.system.version.findOne({"_id" : "authSchema"})> schema.currentVersion=33> db.system.version.save(schema)WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })> db.system.version.find(){ "_id" : "authSchema", "currentVersion" : 3 }在这表示已经修改成功了。下面创建用户(注意,若之前已经创建过用户的则要将用户删除,因为之前创建的用户采用的认证机制是SCRAM-SHA-1)本人因为之前创建过,所以先drop掉用户> use adminswitched to db admin> db.dropUser('admin')true> db.createUser(... {... user:"admin",... pwd:"admin",... roles:[{role:"userAdminAnyDatabase",db:"admin"},{role:"readWriteAnyDatabase",db:"admin"}]... }... )Successfully added user: { "user" : "admin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ]}> db.system.users.find(){ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : "7c67ef13bbd4cae106d959320af3f704" }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ] }> eixtbye接下来在配置文件中恢复认证[email protected]:~$ sudo gedit /etc/mongod.conf改#security:为security: authorization: enabled保存退出接下来[email protected]:~$ ps -ef | grep [email protected]:~$ sudo kill [email protected]:~$ sudo service mongod start然后在mongo shell操作(注意1.该方式添加的用户不能用Robomongo 0.8.5连接,具体原因在下面;注意2.既然认证了就要先db.auth('xxx','xxx')返回1后再进行其他操作)如下操作[email protected]:~$ mongoMongoDB shell version: 3.0.7connecting to: test> use adminswitched to db admin> db.auth('admin','admin')1>show dbsadmin 0.078GBlocal 0.078GB
  • 有个题外话:
    有些同学会发现怎么我的数据库怎么没有/etc下没有mongod.conf文件,那怎么操作
    没有mongod.conf配置文件,数据库其实加载的配置应该是内置的(本人理解)
    此时如果不显示指定配置文件启动数据库的话,可能不好添加权限认证,因为mongodb默认情况下就是不认证的,
    那如何操作呢?
    [email protected]:~/mongodb/mongodb/bin$ ./mongod –config /home/zyb/mongodb/mongodb.conf &
    上述操作即可指定配置文件启动数据库(上面路径是本人数据库存放的路径)
    其他设置权限的操作和上面一样。

转载请保留地址



相关阅读:
Top