MongoDB Basics (6): Security (Permission Operations), Part 1

2015-07-24 08:32:36 · Author: · Views: 6

As with every other database, permission management in MongoDB works along familiar lines. MongoDB keeps all user information in the system.users collection of the admin database, storing the user name, the password credential, and the database the user belongs to. Authentication is not enabled by default: anyone who can reach the server can connect to mongod. To enable authentication, set the auth parameter in the configuration file.

The following walkthrough illustrates this.

List the databases:

> show dbs
And admin is not there at all!

After a long search without finding any explanation, I simply created the admin user directly:

use admin

db.createUser(
  {
    user: "admin",
    pwd: "admin",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)
The user is created successfully; querying the collections in admin again now shows data!

> show collections
system.indexes
system.users
system.version

Look at the contents of the three collections:

> db.system.users.find();
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "cFISfpbm04pmIFpqiL340g==", "storedKey" : "WG1DSEEEHUZUBjsjsnEA4RFVY2M=", "serverKey" : "9Lm+IX6l9kfaE/4C25/ghsQpDkE=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
> 
> db.system.indexes.find();
{ "v" : 1, "key" : { "_id" : 1 }, "name" : "_id_", "ns" : "admin.system.version" }
{ "v" : 1, "key" : { "_id" : 1 }, "name" : "_id_", "ns" : "admin.system.users" }
{ "v" : 1, "unique" : true, "key" : { "user" : 1, "db" : 1 }, "name" : "user_1_db_1", "ns" : "admin.system.users" }
> 
> db.system.version.find();
{ "_id" : "authSchema", "currentVersion" : 5 }
> 

Now enable auth:
[root@localhost ~]# vi /etc/mongod.conf

auth=true

Restart the mongod service:

[root@localhost ~]# service mongod restart

Log in with the defaults and list the databases: the operation is no longer authorized:

[root@localhost ~]# mongo
MongoDB shell version: 3.0.2
connecting to: test
> show dbs
2015-05-09T21:57:03.176-0700 E QUERY    Error: listDatabases failed:{
	"ok" : 0,
	"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
	"code" : 13
}
    at Error (<anonymous>)
    at Mongo.getDBs (src/mongo/shell/mongo.js:47:15)
    at shellHelper.show (src/mongo/shell/utils.js:630:33)
    at shellHelper (src/mongo/shell/utils.js:524:36)
    at (shellhelp2):1:1 at src/mongo/shell/mongo.js:47
> 

The account admin was just created in the admin database, so you must switch to admin to authenticate (authenticating in any other db fails):

[root@localhost ~]# mongo
MongoDB shell version: 3.0.2
connecting to: test
>
> db.auth("admin","admin")
Error: 18 Authentication failed.
0
> use mydb
switched to db mydb
> db.auth("admin","admin")
Error: 18 Authentication failed.
0
> use admin
switched to db admin
> db.auth("admin","admin")
1
> 

db.auth("admin","admin") returns 1, which means the login succeeded! Note that the db.auth("admin","admin") line is not kept: after it runs, it is not recorded in the shell history.

So now create another user, "myuser":

db.createUser(
  {
    user: "myuser",
    pwd: "myuser",
    roles: [ { role: "readWrite", db: "mydb" } ]
  }
)

Roles can also be granted and revoked:

# Grant roles: db.grantRolesToUser( "userName" , [ { role: "<role>", db: "<db>" } ])
db.grantRolesToUser( "myuser" , [ { role: "dbOwner", db: "mydb" } ])
# Revoke roles: db.revokeRolesFromUser( "userName" , [ { role: "<role>", db: "<db>" } ])
db.revokeRolesFromUser( "myuser" , [ { role: "readWrite", db: "mydb" } ])

Because the user was created in the admin database, it can only authenticate in the admin database:

> db.auth("myuser","myuser")
Error: 18 Authentication failed.
0
> 
> db
mydb
> use admin
switched to db admin
> db.auth("myuser","myuser");
1
> 

After authenticating, you can switch to the database the role applies to and work in it:

> use mydb
switched to db mydb
> 
> db.tab.save({"id":999});
WriteResult({ "nInserted" : 1 })
> 
> db.tab.find({"id":999});
{ "_id" : ObjectId("554ef5ac1b590330c00c7d02"), "id" : 999 }
> 
> show collections
system.indexes
tab
> 

A user can also be created in its own database, so there is no need to log in through admin and then switch every time. For example, in the database "mydb", create