By default, MongoDB does not require a user name and password, so any client can connect. This is a serious security problem.
There are many examples on the Internet, but they leave out details that many people miss, so I note them here along the way.
The following describes how to set the user name and password.
To add a user, one of the following must be true:
1. You already have the relevant permissions (I will talk about this later).
2. mongod was started without --auth. (If --auth is enabled and you then try to add a user, the following happens.)
> use admin
switched to db admin
> db.addUser('sa','sa')
Fri Jul 22 14:31:13 uncaught exception: error { "$err" : "unauthorized db:admin lock type:-1 client:127.0.0.1", "code" : 10057}
>
Therefore, we must first add a super admin while mongod is running without --auth.
After the service is started, run ./mongo:
^_^[root@:/usr/local/mongodb/bin]#./mongo
MongoDB shell version: 1.8.2
connecting to: test
> use admin
switched to db admin
> db.adduser('sa','sa')
Fri Jul 22 14:34:24 TypeError: db.adduser is not a function (shell):1
> db.addUser('sa','sa')
{ "_id" : ObjectId("4e2914a585178da4e03a16c3"), "user" : "sa", "readOnly" : false, "pwd" : "75692b1d11c072c6c79332e248c4f699"}
>
This output shows that the user was created successfully. Now let's test the permissions.
> show collections
system.indexes
system.users
Without --auth, you can access the admin database's two default collections.
> db.system.users.find()
{ "_id" : ObjectId("4e2914a585178da4e03a16c3"), "user" : "sa", "readOnly" : false, "pwd" : "75692b1d11c072c6c79332e248c4f699" }
>
Created successfully.
Now add the --auth option to the service.
Run ./mongo again:
MongoDB shell version: 1.8.2
connecting to: test
> use admin
switched to db admin
> show collections
Fri Jul 22 14:38:49 uncaught exception: error: { "$err" : "unauthorized db:admin lock type:-1 client:127.0.0.1", "code" : 10057}
>
You can see that you have no access permission.
We can authenticate with the user we just created:
> db.auth('sa','sa')
1
A result of 1 indicates that authentication succeeded!
Then show collections.
.....
Try accessing another database:
^_^[root@:/usr/local/mongodb/bin]#./mongo
MongoDB shell version: 1.8.2
connecting to: test
> use test
switched to db test
> show collections
Fri Jul 22 14:40:47 uncaught exception: error: { "$err" : "unauthorized db:test lock type:-1 client:127.0.0.1", "code" : 10057}
Authentication is required here too. Try logging in as the super admin:
^_^[root@:/usr/local/mongodb/bin]#./mongo
MongoDB shell version: 1.8.2
connecting to: test
> use test
switched to db test
> show collections
Fri Jul 22 14:40:47 uncaught exception: error: { "$err" : "unauthorized db:test lock type:-1 client:127.0.0.1", "code" : 10057}
> db.auth('sa','sa')
0
A result of 0 means authentication failed.
So that does not work. In fact, the super admin must authenticate in the admin database first and only then switch to other databases.
> use admin
switched to db admin
> db.auth('sa','sa')
1
> use test
switched to db test
> show collections
>
If you want to access a database with its own separate user name, you need to create that user in the database itself.
^_^[root@:/usr/local/mongodb/bin]#./mongo
MongoDB shell version: 1.8.2
connecting to: test
> use admin
switched to db admin
> db.auth('sa','sa')
1
> use test
switched to db test
> db.addUser('test','test')
{ "user" : "test", "readOnly" : false, "pwd" : "a6de521abefc2fed4f5876855a3484f5"}
>
Of course, you must have the relevant permissions to create the user.
Log on again and check:
^_^[root@:/usr/local/mongodb/bin]#./mongo
MongoDB shell version: 1.8.2
connecting to: test
> show collections
Fri Jul 22 14:45:08 uncaught exception: error: { "$err" : "unauthorized db:test lock type:-1 client:127.0.0.1", "code" : 10057}
> db.auth('test','test')
1
> show collections
system.indexes
system.users
>
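As an added example (not part of the original post), the following Python check reads a captured mongo shell session and reports, per database, whether commands issued before any successful db.auth() were refused with the code 10057 error shown above. The function name audit_session and both sample sessions are constructed for illustration, and the transcript is assumed to have one command or output line per line.

```python
import re

# Refusal text printed by the mongo shell in the sessions above (code 10057).
UNAUTH = re.compile(r'"\$err"\s*:\s*"unauthorized db:\S+ lock type:-?\d+ '
                    r'client:[^"\s]+"\s*,\s*"code"\s*:\s*10057')

def audit_session(transcript):
    """Map each database probed before a successful db.auth() to 'enforced' or 'open'."""
    db, authed, cmd, refused, verdict = "test", False, "", False, {}
    # The trailing ">" is a sentinel prompt that settles the last command.
    for line in [l.strip() for l in transcript.splitlines()] + [">"]:
        if line.startswith("connecting to:"):
            db = line.split(":", 1)[1].strip()
        elif line.startswith(">"):
            # Settle the previous command if it ran before any login.
            if cmd and not authed and not cmd.startswith(("use ", "db.auth(")):
                if refused:
                    verdict.setdefault(db, "enforced")
                else:
                    verdict[db] = "open"  # one answered command outweighs refusals
            cmd, refused = line[1:].strip(), False
            if cmd.startswith("use "):
                db = cmd[4:].strip()
        elif cmd.startswith("db.auth(") and line == "1":
            authed = True
        elif UNAUTH.search(line):
            refused = True
    return verdict

# Constructed sessions modelled on the output above (assumed one command per line).
SESSION_AUTH = """connecting to: test
> show collections
Fri Jul 22 14:40:47 uncaught exception: error: { "$err" : "unauthorized db:test lock type:-1 client:127.0.0.1", "code" : 10057}
> use admin
switched to db admin
> show collections
Fri Jul 22 14:38:49 uncaught exception: error: { "$err" : "unauthorized db:admin lock type:-1 client:127.0.0.1", "code" : 10057}
> db.auth('sa','sa')
1
> show collections
system.users
"""
SESSION_NOAUTH = """connecting to: test
> use admin
switched to db admin
> show collections
system.users
"""
```

A pre-login command that fails for a reason other than the 10057 refusal is still counted as answered, so an 'open' verdict should be confirmed by looking at the session itself.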