MONGODB Authority authentication

The use of MongoDB was initiated from version 2.4, but the rights management was relatively straightforward. And I didn't get it.

Now look back at several versions of Rights management and see the changes between versions.

and the cluster and the single machine are also very different,

The following is a simple configuration of an environment to test with version 2.6.

Create a clustered environment:



config={_id: ' Test1 ', members:[{_id:0,host: ' 192.168.2.113:27001 ', priority:10},{_id:1,host: ' 192.168.2.113:27002 ', Priority:8}]}}
Rs.initiate (config)

Rs.addarb (' 192.168.2.113:27003 ')




Configure two users:


Use admin
#数据库管理员
Db.createuser ({User: ' admin ', pwd: ' 123 ', Roles:[{role: ' Useradminanydatabase ', db: ' admin '}})
#系统管理员
Db.createuser ({User: ' root ', pwd: ' 123 ', roles:[{role: ' Root ', db: ' admin '}})

#test
Use test;
Db.createuser ({User: ' Tang ', pwd: ' 123 ', Roles:[{role: ' Useradminanydatabase ', db: ' admin '},{role: ' Root ', db: ' admin '}] });
Db.createuser ({User: ' Test ', pwd: ' 123456 ', roles:[{role: ' Dbadmin ', DB: ' Test '}]}

#建立一个test read-only permission user
Db.createuser ({User: ' readonly ', pwd: ' 123456 ', roles:[{role: ' Read ', DB: ' Test '}]}



#生成对 a user with read and write access to the TEST library
Db.createuser ({User: ' user ', pwd: ' 123 ', Roles:[{role: ' ReadWrite ', DB: ' Test '},{role: ' Dbadmin ', DB: ' Test '}]}


#生成一个对所有库都有读写的用户
Use admin;

Db.createuser ({User: ' Wang ', pwd: ' 123 ', Roles:[{role: ' Readwriteanydatabase ', db: ' admin '}})

Build a test library


Use test

for (var i=1; i<=100; i++) {
Mid=parseint (i/100);
Db.test.insert ({_id:i,mid:mid,ts:new Date ()});
};

#论证

test1:primary> Use admin
Test1:primary> Db.auth (' Wang ', ' 123 ')
1
test1:primary> Use test
Switched to DB test
Test1:primary> Db.test.find ()
{"_id": 1, "Mid": 0, "ts": Isodate ("2016-03-23t06:43:59.625z")}
{"_id": 2, "mid": 0, "ts": Isodate ("2016-03-23t06:44:00.131z")}
{"_id": 3, "Mid": 0, "ts": Isodate ("2016-03-23t06:44:00.132z")}

Test1:primary> Use Mallcoo
Switched to DB Mallcoo
Test1:primary> Show tables;
App
System.indexes
Test1:primary> Db.app.find ()
{"_id": 1, "name": "App Test"}
Test1:primary> Show DBS;
Mallcoo 0.078GB




Login:
./mongo-port 27001-u ' li '-P ' 123 '--authenticationdatabase test

#登录时加上认证的数据库名称如果是 the role of the *anydatabase class, that is admin.




#python Test Code

Import Pymongo
Import datetime

#test Read user
Test_conn = Pymongo. Mongoclient (' Mongodb://readonly:123456@192.168.2.113:27001/admin ')
test_db = Test_conn.test

Test_db.test.update ({"_id": 1},{"$set": {"Mid": 9999}})
#test_db. Authenticate (' Li ', password= ' 123 ')
Cur_test = Test_db.test.find (). Limit (10)
For row in Cur_test:
print ' id=%d,mid=%d '% (row["_id"],row[' mid '])

mallcoo_db = Test_conn. Mallcoo
Cur_app = Mallcoo_db.app.find ()
For row in Cur_app:
print ' id=%d,name=%s '% (row["_id"],row[' name '))



#配置

1. #生成key Documents
[Mongo@localhost ~]$ OpenSSL rand-base64 741 >/home/mongo/.ssh/mongodb_key--File content mining Base64 code
[Mongo@localhost ~] $chmod 600/home/mongo/.ssh/mongodb_key


2. Configuration file: (cluster nodes are added)

[Mongo@localhost bin]$ Cat rep_p.conf
dbpath=/mnt/mongodb/data2/v2_p/
Logpath=/mnt/mongodb/log/v2_plog.log
port=27001
Logappend=true
Fork=true
Replset=test1
oplogsize=100
Auth=true
Keyfile=/home/mongo/.ssh/mongodb_key

3. #使用参数文件启动

./mongod-f rep_p.conf

The mongodb3.0 version adds a dbowner role than the 2.6 version.
The MongoDB 3.2 version adds Clustermanager,clustermonitor,hostmanager,back, restore, and other administrative roles.

This also shows that MongoDB's privilege management function has been progressing.

(The Dbadmin role does not read and write database functionality, which is somewhat different from other database permissions.) ）