MongoDB permission and mongodb permission settings

MongoDB permission and mongodb permission settings

MongoDB does not set permissions by default, which is essentially different from mysql and oracle.

When the parameter -- auth is added during startup, the permissions are started. The biggest feature of mongoDB is database-oriented permissions. Except for the super administrator, the permissions of other users are exactly the same as those of the database.

Question 1: how to add users:

Use the db. addUser ('name', 'Password') statement to create a user.

MongoDB users are also divided into common users and super administrator users.Current tableThe permission of the Super administrator isMongodb Permissions. Normal users can only operate in their own tablespace, but cannot create other databases and query data of other data. If you need to create a database, you can only Log On As a super administrator.

User Creation Method
A. Create a user in login mode where no permissions are set.The user created in the admin database is a super administrator.,Users created in other databases only have the permissions of the current database..

B. Normal login users can create users under the current database, while logged-on Super Users can create any users under any database.

Question 2: How to log on

You can use db. auth ('name' password') to log on to the current database.

By default, mongoDB is connected to the database "test". If you log on to the Database "test", you can only view data in the database "Test. If you log on to a User in the database, you can only view data under the User.

To view the data of all databases and use global data such as show dbs, you must use a super administrator. How can you log on to the super administrator?

The super Administrator also has the default database, which is admin,Switch the database to admin, and then log on to the super Administrator using db. auth.After logging on, you can access any database CRUD and use show dbs.

When you log on to database A and database B, this is equivalent to having the permissions of both database A and database B, you can perform CRUD operations under these two databases freely. If your database has A, B, and C, you have logged on to the database A, B, and C, you can freely operate on these three databases.SimilarSuper administrator operation.

There is a users table in the admin database, through the database. system. users. find (); find all users. You can see that the super administrator roles is root, and other users role is dbowner, which indicates that only the permissions of the current database are available.

Conclusion: mongodb's data permissions are bound to databases. This is understandable because nosql databases cannot use join and other joint queries. A database corresponds to its own users, to query global data, you need to use the super administrator. The super Administrator also has its own database, that is, the database is admin, that is, inThe users created in the admin database are super administrators. The CRUD permissions of all databases.

Access Permissions for the mongodb set

Use keyFile. For details, see docs.mongodb.org/..curity.
 
How to Create a mongodb database with a user name and password

I'm so angry. Let's just put it down. Below is a part of my notes on mongodb.
By default, mongoDB user authentication is disabled.
Modify the/etc/cmdd. conf file. By default, any client in mongoDB can connect to port 27017 without authentication. By default, there is no administrator account. By modifying this configuration file, you can change it to permission authentication during login.
If you want to create a user for a database in mongoDB, you must first enter the database and then use the addUser command. You can also set the user to read-only (db. addUser ("jack", "jack", true), and the third parameter to indicate whether the user is a "read-only user ").

To use a super administrator, you must first connect to the admin database and log on to the administrator account, and then connect to other databases to exercise administrator privileges.

User information storage and authentication process

Similarly, MySQL saves system user information in the mysql. user table. MongoDB also saves the username and pwd of the system user in the admin. system. users collection. Pwd = md5 (username + ": mongo:" + real_password ). This is not a problem. Username And: mongo: It is equivalent to adding a salt value to the original password. Even if attackers obtain the md5 hash stored in the database, they cannot simply find the original password from the rainbow table.

Common permission management commands

1. # enter the database admin

Use admin

2. # Add or modify user passwords

Db. addUser ('name', 'pwd ')

3. # view the user list

Db. system. users. find ()

4. # User Authentication

Db. auth ('name', 'pwd ')
If this one returns 1, the authentication is successful. Only after the authentication is successful can the database be operated.

5. # delete a user

Db. removeUser ('name ')

6. # view all users

Show users

7. # view all databases

Show dbs

8. # view all collections

Show collections

9. # view the status of each collection

Db. printCollectionStats ()

10. # view master-slave replication status

Db. printReplicationInfo ()