MongoDB permission management 02
Next: how do we enable password login through the MongoDB configuration file?
Previously we started mongod directly with this command:
[root@prd3-mysql-0-36 ~]# mongod -f /ivargo/app/mongodb/conf/mongo.conf --auth
Our original configuration file:
[root@prd3-mysql-0-36 ~]# cat /ivargo/app/mongodb/conf/mongo.conf
security:
  authorization: disabled   # just change disabled to enabled
That change works; our test results are below.
In the configuration file above, change authorization: disabled to authorization: enabled
Then restart mongodb.
[root@prd3-mysql-0-36 ~]# mongo
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
> show dbs;
2019-05-21T14:28:35.425+0800 E QUERY [js] Error: listDatabases failed:{ "ok" : 0, "errmsg" : "command listDatabases requires authentication", "code" : 13, "codeName" : "Unauthorized"} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:67:1
shellHelper.show@src/mongo/shell/utils.js:876:19
shellHelper@src/mongo/shell/utils.js:766:15
@(shellhelp2):1:1
> use admin
switched to db admin
> db.u
Warning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus
db.u
admin.u
>
>
>
> use admin
switched to db admin
> db.au
Warning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus
db.auth('vargo','vargo123')
1
> show dbs;
admin 0.000GB
config 0.000GB
dbabd 0.000GB
local 0.000GB
> exit
bye
[root@prd3-mysql-0-36 ~]# mongo
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
> use admin
switched to db admin
> db.au
Warning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus
db.auth('majihui','majihui123')
1
> show dbs
dbabd 0.000GB
> exit
bye
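Summary of the combined experiment:
Step 2: with no password required yet, create the highest-privilege user user_admin with password xxx
We create a superuser: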
use admin
db.createUser(
  {
    user: "user_admin",
    pwd: "xxx",
    roles: [{ role: "root", db: "admin" }]
  }
)
First, with no password required, the actual steps are as follows:
[root@localhost data]# mongo -p 27017
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.10
Server has startup warnings:
2019-05-28T21:03:52.718+0800 I CONTROL [main] ** WARNING: --rest is specified without --httpinterface,
2019-05-28T21:03:52.719+0800 I CONTROL [main] ** enabling http interface
2019-05-28T21:03:53.380+0800 I STORAGE [initandlisten]
2019-05-28T21:03:53.380+0800 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2019-05-28T21:03:53.380+0800 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem
2019-05-28T21:08:17.070+0800 I CONTROL [initandlisten]
2019-05-28T21:08:17.071+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2019-05-28T21:08:17.071+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2019-05-28T21:08:17.072+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2019-05-28T21:08:17.072+0800 I CONTROL [initandlisten]
> use admin
switched to db admin
> db.createUser(
... {
... user: "user_admin",
... pwd: "xxx",
... roles: [{ role: "root", db: "admin" }]
... }
... )
Successfully added user: { "user" : "user_admin", "roles" : [ { "role" : "root", "db" : "admin" } ]}
> show users;
{ "_id" : "admin.user_admin", "user" : "user_admin", "db" : "admin", "roles" : [ { "role" : "root", "db" : "admin" } ]}
// We log in and test; the login succeeds
> use admin
switched to db admin
> db.auth('user_admin','xxx')
1
> show dbs
BlockchainTransaction 0.000GB
admin 0.000GB
analysis 0.005GB
apk-upgrade 0.000GB
autotest 0.000GB
blockchain 0.000GB
dubbo-monitor 0.000GB
local 0.000GB
logdb 0.000GB
test 0.000GB
vconference 0.001GB
vconsole 0.002GB
vemm-admin 0.003GB
vmessage 0.011GB
vphone 0.187GB
vstore_db 1.994GB
vtime 0.029GB
yapi 0.003GB
Next we take a backup of the mongo instance on 27017, which is now password-protected.
The steps are as follows:
mongodump -h localhost:27017 -o /ivargo/data/mgdbback/
The command actually run is:
mongodump -h localhost:27017 -u user_admin -p xxx -o /ivargo/data/mgdbbackauth
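// The backup succeeds
One problem here: the highest-privilege user user_admin (password xxx) cannot access each database in MongoDB individually.
We need to switch into each database and create a user with permissions for that specific database.
There are a dozen or so databases under it, so run the same thing for each one: first `use` the individual database, then create the user.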
use BlockchainTransaction
db.createUser(
  {
    user: "useradmin",
    pwd: "xxxxx",
    roles:[{role:"dbOwner",db:"BlockchainTransaction"}]
  }
)
use analysis
db.createUser(
  {
    user: "useradmin",
    pwd: "xxxxx",
    roles:[{role:"dbOwner",db:"analysis"}]
  }
)
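The repeated per-database step above, written as one loop that skips the system databases and any database where the user already exists. This is an added example, not code from the original post; `createPerDbUsers`, `makeFakeConn`, `create_owners.js` and `OWNER_PWD` are hypothetical names, and the fake connection is constructed so the logic can be run offline.

```javascript
// Added example (not from the original post): the per-database createUser step as a loop.
// `conn` is any object exposing getSiblingDB(), such as `db` in the mongo shell.
var SYSTEM_DBS = ["admin", "local", "config"]; // keep application users out of these

function createPerDbUsers(conn, dbNames, user, pwd, role) {
  var result = { created: [], skipped: [] };
  dbNames.forEach(function (name) {
    if (SYSTEM_DBS.indexOf(name) !== -1) {
      result.skipped.push(name);            // system database
      return;
    }
    var target = conn.getSiblingDB(name);   // same effect as `use <name>`
    if (target.getUser(user) !== null) {
      result.skipped.push(name);            // user already defined there
      return;
    }
    // The role is scoped to this one database, as in the post's createUser calls.
    target.createUser({ user: user, pwd: pwd, roles: [{ role: role, db: name }] });
    result.created.push(name);
  });
  return result;
}

// In-memory stand-in for a connection, constructed for offline runs.
function makeFakeConn(existing) {
  var users = existing || {};               // { dbName: { userName: userDoc } }
  return {
    users: users,
    getSiblingDB: function (name) {
      users[name] = users[name] || {};
      return {
        getUser: function (u) { return users[name][u] || null; },
        createUser: function (doc) { users[name][doc.user] = doc; }
      };
    }
  };
}

// In the mongo shell, after db.auth() as user_admin on admin:
//   load("create_owners.js")   // hypothetical file name
//   var names = db.adminCommand({ listDatabases: 1 }).databases
//                 .map(function (d) { return d.name; });
//   createPerDbUsers(db, names, "useradmin", OWNER_PWD, "dbOwner"); // OWNER_PWD: set by the caller
```

The `role` argument also accepts a narrower built-in role such as `readWrite` for accounts that only need to read and write data.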