MongoDB permission settings: user name, password, port

Source: Internet
Author: User

I. Default permission configuration

By default, mongod listens on 0.0.0.0, and any client can connect directly to port 27017 without authentication. The advantage is that users can get started right away without being distracted by a pile of configuration. The downside is obvious: if you set MongoDB up directly on a public server, everyone can access and modify the database data directly.

By default, mongod also has no administrator account. So unless you add an administrator account with the db.addUser() command in the admin database and start mongod with the --auth parameter, anyone who connects to the database can execute all commands without authentication, including delete and shutdown.

In addition, mongod listens on port 28017 by default, also bound to all IPs. This is mongod's built-in web monitoring interface. It shows information about the database's current connections, log, state, the system it runs on, and so on. If you turn on the --rest parameter, you can even query data directly from the web interface and execute mongod commands.

In fact, MongoDB itself has very detailed security configuration guidelines, so the developers have clearly thought about this, but they leave the task of security to the user. The strategy favors ease of use, and security has to step aside.
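A check for the defaults described in this section, run against a mongod command line. This is an added example, not code from the original article; the function names and finding ids are assumptions, the flags are mongod 2.0-era options, and the sample command lines are constructed from the ones used on this page.

```javascript
// Added example: audit a mongod command line for the risky defaults above.
// Flag names are mongod 2.0-era options; function names are hypothetical.
const VALUE_FLAGS = new Set(["port", "bind_ip", "dbpath"]);

function parseMongodArgs(commandLine) {
  const tokens = commandLine.trim().split(/\s+/).slice(1); // drop "mongod"
  const opts = {};
  for (let i = 0; i < tokens.length; i++) {
    if (!tokens[i].startsWith("--")) continue;
    const [name, inline] = tokens[i].slice(2).split("=");
    if (inline !== undefined) opts[name] = inline;            // --port=50107
    else if (VALUE_FLAGS.has(name)) opts[name] = tokens[++i]; // --port 50107
    else opts[name] = true;                                   // --auth, --rest
  }
  return opts;
}

function auditMongodArgs(commandLine) {
  const opts = parseMongodArgs(commandLine);
  const port = Number(opts.port || 27017);
  const binds = String(opts.bind_ip || "0.0.0.0").split(",");
  const findings = [];
  if (!opts.auth) findings.push({ id: "no-auth", detail: "started without --auth" });
  if (binds.includes("0.0.0.0")) {
    findings.push({ id: "bind-all", detail: `port ${port} listens on all interfaces` });
  }
  // The web monitoring interface listens on the main port + 1000 (27017 -> 28017).
  if (!opts.nohttpinterface) {
    findings.push({ id: "http-interface", detail: `web interface on port ${port + 1000}` });
  }
  if (opts.rest) findings.push({ id: "rest", detail: "--rest exposes queries over the web interface" });
  return findings;
}

// Constructed sample command lines.
const samples = [
  "mongod --dbpath d:\\work\\data\\mongodb\\db",
  "mongod --port 50107 --dbpath d:\\work\\data\\mongodb\\db --auth",
  "mongod --auth --bind_ip 127.0.0.1 --nohttpinterface --dbpath d:\\work\\data\\mongodb\\db",
];
for (const s of samples) {
  console.log(s, "=>", auditMongodArgs(s).map((f) => f.id).join(", ") || "ok");
}
```

Note that changing the port with --port also moves the web interface, so a firewall rule written for 28017 no longer covers it.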

II. MongoDB user types

MongoDB users are divided into two types: admin users and users of a specific database. An admin user has the highest permissions, while a database user can only access that specific database. When there is no user in MongoDB's admin database, that is, MongoDB as a whole has no users, then even with --auth turned on a user can still enter MongoDB through the localhost interface to set up users; otherwise the whole MongoDB would be completely inaccessible. Once a user has been created, logging in and operating require authorization; you can no longer log in and use the database directly.

One odd thing about MongoDB is that even an admin user must authenticate under the admin database, and cannot do so in other databases. After authorization, the admin user can do anything under any database. Of course, database-level users, once authorized under their own database, still cannot operate on other databases. For example:

> use test
> db.auth("Someadminuser", password)

The operation fails, with a message that the admin user is not authorized under the admin database.

III. Operation example

Start MongoDB, then in a cmd window go to the bin directory of the database;

1. Enter the command: show dbs. You will find two built-in databases, one named admin and one named local. This article only covers the admin database.

2. Enter the command: use admin. You will find that the database contains a collection named system.users, which is the user table, used to store the super administrator's

Note: This article uses database version 2.0.1, which has no default admin database; the admin database is created automatically after step 2. Of course there is no default system.users table either; system.users and system.indexes are created automatically after step 3 is run.

3. Enter the command: db.addUser('root', 'root'). Here I add a super administrator user whose username is root and whose password is also root. Exit the program first (Ctrl+C), then restart the service and test whether connecting to MongoDB now requires entering the user name and password as prompted before you can operate.

4. Enter the command: use admin

5. Enter the command: show collections to view all the tables in the database. You will find that MongoDB does not prompt for a user name and password because, as mentioned at the beginning of the article, MongoDB is set to have no access restrictions by default. We first need to configure it to require authentication.

6. Open a new cmd window and, in the bin directory under the MongoDB path, run: mongod --dbpath d:\work\data\mongodb\db --auth

7. Enter the command: use admin

8. Enter the command: show collections. It prompts: "$err" : "unauthorized db:admin lock type:-1 client:127.0.0.1"

Clearly, it reports that we have no permission; access the collections with the user name and password just set.

9. Enter the command: db.auth("root", "root"). The output is 1, indicating that the user matches; if the user name or password is incorrect, the output is 0.

10. Enter the command: show collections. The results are displayed successfully.

Continuing: you can now access the databases that already exist, but you still have no permission for a newly created database. To go on, exit first (Ctrl+C).

11. Enter the command: mongo TestDB

12. Enter the command: show collections. It reports no permission.

13. Enter the command: db.auth("root", "root"). The output is 0, indicating a problem with the user name or password. It was only just created, so how can it be wrong? The reason: when we access a MongoDB database on its own, the user name and password checked are not the super administrator's but those of the users in that database's system.users table. Note that I am talking about accessing a database on its own. What about the case where the database is not accessed on its own? We will come to that later. For the scenario above, proceed as follows:

14. Enter the command: db.addUser('Test', '111111'). It still reports no permission. The newly created database cannot be accessed with the super administrator either, and there is no permission to create a user. But since a super administrator user has been set up, it must have permission to access all databases.

15. Enter the command: use admin

16. Enter the command: db.auth("root", "root")

17. Enter the command: use TestDB

18. Enter the command: show collections. Now the super administrator user can be used to access other databases; this is the case where the database is not accessed on its own. In the procedure above we first go to the admin database and then switch to the other database. admin is effectively the highest-level user area: to operate on a database you go through the highest-level user first, and then you can create users for each database.

19. Enter the command: db.addUser('Test', '12345'). We add a user to the TestDB database; from now on, each time I access this database I will use the user just created. Exit first (Ctrl+C).

20. Enter the command: mongo TestDB

21. Enter the command: show collections. It reports no permission.

22. Enter the command: db.auth('Test', '12345'). The output is 1: the user exists and validation succeeds.

23. Enter the command: show collections. The results are displayed successfully.
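The authentication scoping that the steps above run into, replayed against a small in-memory model. This is an added example, not part of the original article and not MongoDB code; the class and method names are hypothetical, and the model covers only the rules stated in sections II and III (per-database user tables, admin authentication covering every database, localhost setup while no admin user exists).

```javascript
// Added example: simplified model of the auth scoping in the walkthrough
// (mongod started with --auth). Class and method names are hypothetical.
class ModelServer {
  constructor() { this.users = { admin: {} }; } // db name -> { user: password }
  connect(db) { return new ModelSession(this, db); }
}

class ModelSession {
  constructor(server, db) { this.server = server; this.db = db; this.authed = new Set(); }
  use(db) { this.db = db; }
  auth(user, password) {
    // Credentials are checked only against the current database's user table.
    const table = this.server.users[this.db] || {};
    if (typeof password !== "string" || table[user] !== password) return 0;
    this.authed.add(this.db);
    return 1;
  }
  allowed() {
    // No admin user yet: a localhost client may still set users up.
    if (Object.keys(this.server.users.admin).length === 0) return true;
    // Authenticating against admin covers every database.
    return this.authed.has("admin") || this.authed.has(this.db);
  }
  showCollections() { return this.allowed() ? "ok" : "unauthorized"; }
  addUser(user, password) {
    if (!this.allowed()) return "unauthorized";
    if (!this.server.users[this.db]) this.server.users[this.db] = {};
    this.server.users[this.db][user] = password;
    return "ok";
  }
}

function replayWalkthrough() {
  const server = new ModelServer();
  const out = [];
  let s = server.connect("admin");
  out.push(s.addUser("root", "root"));                   // step 3: no admin user yet
  s = server.connect("admin");
  out.push(s.showCollections());                         // step 8
  out.push(s.auth("root", "root"));                      // step 9
  s = server.connect("TestDB");
  out.push(s.auth("root", "root"));                      // step 13: root lives in admin
  out.push(s.addUser("Test", "111111"));                 // step 14
  s.use("admin"); out.push(s.auth("root", "root"));      // step 16
  s.use("TestDB"); out.push(s.addUser("Test", "12345")); // step 19
  s = server.connect("TestDB");
  out.push(s.showCollections());                         // step 21
  out.push(s.auth("Test", "12345"));                     // step 22
  out.push(s.showCollections());                         // step 23
  return out;
}
console.log(replayWalkthrough().join(" "));
```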

IV. MongoDB startup and shutdown parameters

See: http://blog.csdn.net/pgwindwind/article/details/8005262

For example, to change MongoDB's default port, use the --port parameter as follows:

Open cmd and, in the bin directory under the MongoDB path, run: mongod --port 50107 --dbpath d:\work\data\mongodb\db --auth

MongoDB is then accessed on port 50107.
