MongoDB permission authentication

Source: Internet
Author: User
Tags auth base64 mongodb

I started using MongoDB at version 2.4, but rights management was relatively simple then, and I didn't get it.

Now, looking back at rights management across several versions, you can see the changes between versions,

and clusters and single machines are also very different.

The following sets up a simple environment to test with version 2.6.


Create a clustered environment:



config={_id:'test1', members:[{_id:0,host:'192.168.2.113:27001',priority:10},{_id:1,host:'192.168.2.113:27002',priority:8}]}
rs.initiate(config)

rs.addArb('192.168.2.113:27003')




Configure two users:


use admin
// Database administrator
db.createUser({user:'admin', pwd:'123', roles:[{role:'userAdminAnyDatabase', db:'admin'}]})
// System administrator
db.createUser({user:'root', pwd:'123', roles:[{role:'root', db:'admin'}]})

// test
use test;
db.createUser({user:'Tang', pwd:'123', roles:[{role:'userAdminAnyDatabase', db:'admin'},{role:'root', db:'admin'}]});
db.createUser({user:'Test', pwd:'123456', roles:[{role:'dbAdmin', db:'test'}]})

// Create a user with read-only permission on test
db.createUser({user:'readonly', pwd:'123456', roles:[{role:'read', db:'test'}]})



// Create a user with read and write access to the test database
db.createUser({user:'user', pwd:'123', roles:[{role:'readWrite', db:'test'},{role:'dbAdmin', db:'test'}]})


// Create a user with read and write access to all databases
use admin;

db.createUser({user:'Wang', pwd:'123', roles:[{role:'readWriteAnyDatabase', db:'admin'}]})





Build a test database


use test

for (var i=1; i<=100; i++) {
    var mid = parseInt(i/100);
    db.test.insert({_id:i, mid:mid, ts:new Date()});
}

#Verification

test1:primary> use admin
test1:primary> db.auth('Wang','123')
1
test1:primary> use test
switched to db test
test1:primary> db.test.find()
{"_id": 1, "mid": 0, "ts": ISODate("2016-03-23T06:43:59.625Z")}
{"_id": 2, "mid": 0, "ts": ISODate("2016-03-23T06:44:00.131Z")}
{"_id": 3, "mid": 0, "ts": ISODate("2016-03-23T06:44:00.132Z")}

test1:primary> use Mallcoo
switched to db Mallcoo
test1:primary> show tables;
app
system.indexes
test1:primary> db.app.find()
{"_id": 1, "name": "App Test"}
test1:primary> show dbs;
Mallcoo 0.078GB




Login:
./mongo --port 27001 -u 'li' -p '123' --authenticationDatabase test

# When logging in, add the name of the authentication database; for roles of the *AnyDatabase class, that is admin.




# Python test code

import pymongo
import datetime

# Test the read-only user
test_conn = pymongo.MongoClient('mongodb://readonly:123456@192.168.2.113:27001/admin')
test_db = test_conn.test

# Write attempt by the read-only user; the read role does not grant update
test_db.test.update_one({"_id": 1}, {"$set": {"mid": 9999}})
# test_db.authenticate('li', password='123')
cur_test = test_db.test.find().limit(10)
for row in cur_test:
    print('id=%d,mid=%d' % (row["_id"], row['mid']))

mallcoo_db = test_conn.Mallcoo
cur_app = mallcoo_db.app.find()
for row in cur_app:
    print('id=%d,name=%s' % (row["_id"], row['name']))



#Configuration

1. Generate the key file
[mongo@localhost ~]$ openssl rand -base64 741 > /home/mongo/.ssh/mongodb_key    # the file content is Base64-encoded
[mongo@localhost ~]$ chmod 600 /home/mongo/.ssh/mongodb_key


2. Configuration file (added on every cluster node):

[mongo@localhost bin]$ cat rep_p.conf
dbpath=/mnt/mongodb/data2/v2_p/
logpath=/mnt/mongodb/log/v2_plog.log
port=27001
logappend=true
fork=true
replSet=test1
oplogSize=100
auth=true
keyFile=/home/mongo/.ssh/mongodb_key


3. Start with the parameter file

./mongod -f rep_p.conf
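
A check for steps 1 to 3 above, added here as an example and not part of the original post: it parses a rep_p.conf-style file and reports whether a replica set member has access control on and whether its key file meets mongod's requirements (base64 characters only, 6 to 1024 of them, no group or other permissions). The function names are hypothetical, and the sample key file and config in the demo are constructed.

```python
import os, re, stat

def parse_conf(text):
    """Parse the key=value mongod options format used by rep_p.conf."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip().lower()] = value.strip()  # lower-cased for lookup only
    return conf

def check_keyfile(path):
    """Return a list of problems with a replica-set key file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # mongod refuses key files open to group or others
        problems.append("key file mode %o allows group/other access" % mode)
    with open(path) as fh:
        key = re.sub(r"\s+", "", fh.read())  # whitespace is ignored by mongod
    if not 6 <= len(key) <= 1024:
        problems.append("key length %d is outside 6..1024" % len(key))
    if not re.fullmatch(r"[A-Za-z0-9+/=]*", key):
        problems.append("key has characters outside the base64 set")
    return problems

def check_node(conf_text):
    """Check one node's config text; returns [] when nothing is wrong."""
    conf = parse_conf(conf_text)
    problems = []
    if conf.get("auth") != "true" and "keyfile" not in conf:
        problems.append("access control is off (no auth, no keyFile)")
    if "replset" in conf:
        if "keyfile" not in conf:
            problems.append("replica set member has no keyFile")
        else:
            problems += check_keyfile(conf["keyfile"])
    return problems

if __name__ == "__main__":
    import base64, tempfile
    # Constructed sample: a throwaway key file and config, not the page's real files.
    key_path = os.path.join(tempfile.mkdtemp(), "mongodb_key")
    with open(key_path, "w") as fh:
        fh.write(base64.b64encode(os.urandom(741)).decode() + "\n")
    os.chmod(key_path, 0o644)  # deliberately too permissive
    sample = "port=27001\nreplSet=test1\nauth=true\nkeyFile=%s\n" % key_path
    for problem in check_node(sample):
        print(problem)
```

Run as a script it prints the single permission problem for the constructed 0644 key file; after chmod 600 the same config returns no problems.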



MongoDB 3.0 adds a dbOwner role compared with version 2.6.
MongoDB 3.2 adds clusterManager, clusterMonitor, hostManager, backup, restore, and other administrative roles.

This also shows that MongoDB's privilege management has kept progressing.


(The dbAdmin role does not include the ability to read and write the database, which is somewhat different from permissions in other databases.)
