mongodb权限管理02
接下来,mongodb 的配置文件中如何实现密码的登录呢?
我们之前是直接用的这个命令
[root@prd3-mysql-0-36 ~]# mongod -f /ivargo/app/mongodb/conf/mongo.conf --auth
我们原来的配置文件
[root@prd3-mysql-0-36 ~]# cat /ivargo/app/mongodb/conf/mongo.conf
security:
authorization: disabled //只需要把 disabled 改成enabled 就可以了
这样改可以了,下面是我们的测试结果
authorization: disabled 上面的配置文件改成 authorization: enabled
然后重启mongodb就可以了
[root@prd3-mysql-0-36 ~]# mongo
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
> show dbs;
2019-05-21T14:28:35.425+0800 E QUERY [js] Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "command listDatabases requires authentication",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:67:1
shellHelper.show@src/mongo/shell/utils.js:876:19
shellHelper@src/mongo/shell/utils.js:766:15
@(shellhelp2):1:1
> use admin
switched to db admin
> db.uWarning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus
db.u
admin.u
>
>
>
> use admin
switched to db admin
> db.auWarning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus
db.auth('vargo','vargo123')
1
> show dbs;
admin 0.000GB
config 0.000GB
dbabd 0.000GB
local 0.000GB
> exit
bye
[root@prd3-mysql-0-36 ~]# mongo
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
> use admin
switched to db admin
> db.auWarning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus
db.auth('majihui','majihui123')
1
> show dbs
dbabd 0.000GB
> exit
bye
综合性实验小结:
第二步:在无密码的状态下创建最高权限的用户 user_admin 密码为 xxx
我们创建一个超级用户
use admin
db.createUser(
{
user: "user_admin",
pwd: "xxx",
roles: [{ role: "root", db: "admin" }]
}
)
先在无密码的状态下具体操作如下:
[root@localhost data]# mongo -p 27017
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.10
Server has startup warnings:
2019-05-28T21:03:52.718+0800 I CONTROL [main] ** WARNING: --rest is specified without --httpinterface,
2019-05-28T21:03:52.719+0800 I CONTROL [main] ** enabling http interface
2019-05-28T21:03:53.380+0800 I STORAGE [initandlisten]
2019-05-28T21:03:53.380+0800 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2019-05-28T21:03:53.380+0800 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem
2019-05-28T21:08:17.070+0800 I CONTROL [initandlisten]
2019-05-28T21:08:17.071+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2019-05-28T21:08:17.071+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2019-05-28T21:08:17.072+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2019-05-28T21:08:17.072+0800 I CONTROL [initandlisten]
> use admin
switched to db admin
> db.createUser(
... {
... user: "user_admin",
... pwd: "xxx",
... roles: [{ role: "root", db: "admin" }]
... }
... )
Successfully added user: {
"user" : "user_admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> show users;
{
"_id" : "admin.user_admin",
"user" : "user_admin",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
//我们登录进去 进行测试 能登录 成功的
> use admin
switched to db admin
> db.auth('user_admin','xxx')
1
> show dbs
BlockchainTransaction 0.000GB
admin 0.000GB
analysis 0.005GB
apk-upgrade 0.000GB
autotest 0.000GB
blockchain 0.000GB
dubbo-monitor 0.000GB
local 0.000GB
logdb 0.000GB
test 0.000GB
vconference 0.001GB
vconsole 0.002GB
vemm-admin 0.003GB
vmessage 0.011GB
vphone 0.187GB
vstore_db 1.994GB
vtime 0.029GB
yapi 0.003GB
我们接下来用加密了的mongo 27017 做一次备份
具体操作如下:
mongodump -h localhost:27017 -o /ivargo/data/mgdbback/
实际操作如下语句
mongodump -h localhost:27017 -u user_admin -p xxx -o /ivargo/data/mgdbbackauth
//可以成功备份的
这里有一个问题就是,最高权限的用户 user_admin xxx 无法去单独的访问mongodb中的每个表
我们需要登录到每个表中更具每个不同的表创建权限
他下面有十几个库 就都这样执行 先user 单独的表 在设置
use BlockchainTransaction
db.createUser(
{
user: "useradmin",
pwd: "xxxxx",
roles:[{role:"dbOwner",db:"BlockchainTransaction"}]
}
)
use analysis
db.createUser(
{
user: "useradmin",
pwd: "xxxxx",
roles:[{role:"dbOwner",db:"analysis"}]
}
)