MongoDB权限管理之用户名和密码的操作(转)
本文我们介绍MongoDB权限管理,主要介绍的是如何设置用户名和密码。接下来我们就一一介绍。添加用户的时候必须满足以下两个条件:
1.有相关权限的情况下(后面会说)。
2.mongod没有加--auth的情况下(如果加了,你添加权限的话 会出现下面的情况)。
[*]> use admin
[*]
[*]switched to db admin
[*]
[*]> db.addUser('sa','sa')
[*]
[*]Fri Jul 22 14:31:13 uncaught exception: error {
[*]
[*]"$err" : "unauthorized db:admin lock type:-1 client:127.0.0.1",
[*]
[*]"code" : 10057
[*]
[*]}
[*]
[*]>
所以我们添加用户时必须先在没有加--auth的时候添加个superadmin。
服务起来后,进入./mongo。
[*]#./mongo
[*]
[*]MongoDB shell version: 1.8.2
[*]
[*]connecting to: test
[*]
[*]> use admin
[*]
[*]switched to db admin
[*]
[*]> db.adduser('sa','sa')
[*]
[*]Fri Jul 22 14:34:24 TypeError: db.adduser is not a function (shell):1
[*]
[*]> db.addUser('sa','sa')
[*]
[*]{
[*]
[*]"_id" : ObjectId("4e2914a585178da4e03a16c3"),
[*]
[*]"user" : "sa",
[*]
[*]"readOnly" : false,
[*]
[*]"pwd" : "75692b1d11c072c6c79332e248c4f699"
[*]
[*]}
[*]
[*]>
这样就说明 已经成功建立了,然后我们试一下权限。
[*]> show collections
[*]
[*]system.indexes
[*]
[*]system.users
在没有加--auth的情况下 可以正常访问admin喜爱默认的两个表。
[*]> db.system.users.find()
[*]
[*]{ "_id" : ObjectId("4e2914a585178da4e03a16c3"), "user" : "sa", "readOnly" : false, "pwd" : "75692b1d11c072c6c79332e248c4f699" }>
已经成功建立。
下面把服务加上--auth的选项,再进入./mongo。
[*]MongoDB shell version: 1.8.2
[*]
[*]connecting to: test
[*]
[*]> use admin
[*]
[*]switched to db admin
[*]
[*]> show collections
[*]
[*]Fri Jul 22 14:38:49 uncaught exception: error: {
[*]
[*]"$err" : "unauthorized db:admin lock type:-1 client:127.0.0.1",
[*]
[*]"code" : 10057
[*]
[*]}
[*]
[*]>
可以看出已经没有访问权限了。
我们就用自己的密钥登录下:
[*]> db.auth('sa','sa')
[*]
[*]1
返回1说明验证成功!
再show collections下就成功了。
.....
我们登录其它表试试:
[*]#./mongo
[*]
[*]MongoDB shell version: 1.8.2
[*]
[*]connecting to: test
[*]
[*]> use test
[*]
[*]switched to db test
[*]
[*]> show collections
[*]
[*]Fri Jul 22 14:40:47 uncaught exception: error: {
[*]
[*]"$err" : "unauthorized db:test lock type:-1 client:127.0.0.1",
[*]
[*]"code" : 10057
[*]
[*]}
也需要验证,试试super admin登录:
[*]#./mongo
[*]
[*]MongoDB shell version: 1.8.2
[*]
[*]connecting to: test
[*]
[*]> use test
[*]
[*]switched to db test
[*]
[*]> show collections
[*]
[*]Fri Jul 22 14:40:47 uncaught exception: error: {
[*]
[*]"$err" : "unauthorized db:test lock type:-1 client:127.0.0.1",
[*]
[*]"code" : 10057
[*]
[*]}
[*]
[*]> db.auth('sa','sa')
[*]
[*]0
返回0验证失败。
好吧,不绕圈子,其实super admin必须从admin那么登录 然后 再use其它表才可以。
[*]> use admin
[*]
[*]> use admin
[*]
[*]switched to db admin
[*]
[*]> db.auth('sa','sa')
[*]
[*]1
[*]
[*]> use test
[*]
[*]switched to db test
[*]
[*]> show collections
[*]
[*]>
如果想单独访问一个表,用独立的用户名,就需要在那个表里面建相应的user。
[*]#./mongo
[*]
[*]MongoDB shell version: 1.8.2
[*]
[*]connecting to: test
[*]
[*]> use admin
[*]
[*]switched to db admin
[*]
[*]> db.auth('sa','sa')
[*]
[*]1
[*]
[*]> use test
[*]
[*]switched to db test
[*]
[*]> db.addUser('test','test')
[*]
[*]{
[*]
[*]"user" : "test",
[*]
[*]"readOnly" : false,
[*]
[*]"pwd" : "a6de521abefc2fed4f5876855a3484f5"
[*]
[*]}
[*]
[*]>
当然必须有相关权限才可以建立。
再登录看看:
[*]#./mongo
[*]
[*]MongoDB shell version: 1.8.2
[*]
[*]connecting to: test
[*]
[*]> show collections
[*]
[*]Fri Jul 22 14:45:08 uncaught exception: error: {
[*]
[*]"$err" : "unauthorized db:test lock type:-1 client:127.0.0.1",
[*]
[*]"code" : 10057
[*]
[*]}
[*]
[*]> db.auth('test','test')
[*]
[*]1
[*]
[*]> show collections
[*]
[*]system.indexes
[*]
[*]system.users
[*]
[*]>
页:
[1]