User authentication for MongoDB (3.6.3)

Windows 10 Home Chinese version, MongoDB 3.6.3,

Objective

Just installed MongoDB, started the server-MONGOD Command , started the MongoDB shell-MONGO command , but the whole process is not used username, password! Shocked!

Originally, MongoDB default is no user authentication , there is no default user, therefore, all need to add themselves--security to the user's own responsibility .

However, MongoDB is a powerful and complete (pompous point, but it must be, but also to understand the last year or when the large number of MongoDB was black extortion of bitcoin) security mechanism, for user authentication, What is now known is that you can do the following things (and actually do more):

-Use--auth to start the user authentication when you start the MongoDB service (just start this one)

-Use Db.createuser (...) Add user

This article describes how to turn on MongoDB security authentication, how to add a user to MongoDB process, because the first day to play MongoDB, so, will not be more in-depth.

Note that the bin directory of the orphan MongoDB has been added to the environment variable path.

Turn on MONGODB security certification

Open terminal and execute the following command to view Mongod's usage information:

>mongod--help

You can see there is a--auth option under the General options, introduced when run with security, in the current understanding of the orphan, is to open MongoDB security certification, including user authentication, of course, there may be other authentication methods.

Create a new folder Mdb2dir (blank) and start the MongoDB service based on it:--auth is used, security authentication is turned on

However, there is no user information in the MongoDB database at this time, so no client can access the MongoDB server. You can connect using the MONGO command, but you will be prompted for an authentication error when executing the command.

Use Db.auth (...) at this time. Can not successfully complete the authentication with various parameters:

What to do? Add User first!

Turn off the MongoDB service and re-start with non-secure mode without the--auth option (second row):

----

note that the output information for starting the MONGO shell is only 3 lines, which is much less than the output information when MongoDB does not have security authentication enabled, compared to:

Note that the logging function is used in the above startup, so you can view the events that occur during the operation through the log file (which logs to be logged, what level is logged, how to control the log format ...). Need to see more information).

adding users to MongoDB

How do I add mongodb users? Read two blog posts--A 14-year, one 17-year, using Db.adduser (...) Add Users. Well, as a result, the lone MongoDB 3.6.3 has not supported this command anymore.

Use Db.help () to see that there is a db.createuser (...) Command:

Db.createuser (UserDocument)

I see it, but what's the userdocument? How do you use this command? At this point, the MONGO shell does not help to get more information about this function!

I saw it again. MONGO Shell command and Db.help () command, there is no way to know the use of this function.

Then, go to the official website to find it, the faster should be search engines-and then to the official website.

frustration enable Auth is just lonely want (not yet see, look at the Create the user Administrator subsection, but enough to add a user, actually also involved in the role):

Above is an example of frustration, from the structure, the above statement is written to some kind of script file, and then execute the script (JavaScript script?). How do you do it? The MONGO command has an option to execute the. js file ~).

is to add users yourself:

The first time only use the user, PWD, the result fails, prompt to roles;

The second addition succeeds, the new user name is SA, the role is useradminanydatabase (the lone thought that this role is accessible to any database, but the result is not);

SA user has been added to verify: Turn off the MONGO shell, MongoDB server, re-use the--auth option to open the MongoDB server, and then use the MONGO shell to connect to the MongoDB server.

Using the SA account to complete the authentication, the results of some actions are as follows: The user SA with the original role useradminanydatabase is not a panacea.

-The default MONGO Shell's DB display is test (what is this test?). What's the use? It's not a database! ), so authentication failed

-Switch to admin database, sa account authentication Successful

-You can execute the show DBS command, but the execution fails when you switch to the local database (this issue is related to the role and it also means that you are not familiar with this set of user rights mechanisms for MongoDB)

-authentication also fails under the local database, logic is correct

- failed to execute show collections in database admin (not supposed!). ）

Description, the Useradminanydatabase role from the name, is to establish administrator rights account and can access any database, in the above operation, based on its user SA does not realize the lone expectation, even in the admin database to execute show Collections all failed--NO! Don't you have this permission?

In the frustration built-in Roles , there is a detailed introduction to useradminanydatabase , beginning to say that users based on its role can not access the local, config two database (is the data for show collections related to these two databases?) ）：

It seems that you need to take a serious look at MongoDB User Rights Management related frustration before you can thoroughly understand.

Reference links

MongoDB permission settings-user name, password, port (by park friend Luck_mylife)

Frustration Enable Auth

Frustration built-in Roles

Postscript

What is the security mechanism of MongoDB? How to set up the user reasonably? Can I create a new character?

How to build a super user? You can use it to access all features--not safe, of course!

How to build a database? Not found in the MONGO shell, only clone, copy, repair, drop database operations.

Create record set (table): Db.createcollection

Add a record?

Delete a record?

Modify a record?

Find objects in a recordset (record?) ): Find () or find (...)

By the way, how can mongodb users modify it? Delete Has a dropuser (...) Function.

Keep dig!.

P.S. This article does not seem to be a lot of work Ah! Please forgive the reader!

User authentication for MongoDB (3.6.3)