MongoDB permission management-user name and password operations

 

By default, users can log on to apsaradb for MongoDB without entering the user name and password. However, for the sake of security, we still need to set the user name and password for it. This document describes how to operate the username and password of MongoDB permission management.

AD:

This document introducesMongoDB permission managementThis section describes how to set the user name and password. Next we will introduce them one by one.

The following conditions must be met when adding a user:

1. If you have the relevant permissions (I will talk about it later ).

2. When mongod does not add -- auth (if it is added, the following situation occurs when you add permissions ).

 
 

  
  
> use admin    
  
  
 
  
  
switched to db admin    
  
  
 
  
  
> db.addUser('sa','sa')    
  
  
 
  
  
Fri Jul 22 14:31:13 uncaught exception: error {    
  
  
 
  
  
"$err" : "unauthorized db:admin lock type:-1 client:127.0.0.1",    
  
  
 
  
  
"code" : 10057    
  
  
 
  
  
}    
  
  
 
  
  
>    
 
 

Therefore, when adding a user, we must first add a super admin when -- auth is not added.

After the service is started, enter./Mongo.

 
 

  
  
[root@:/usr/local/mongodb/bin]#./mongo    
  
  
 
  
  
MongoDB shell version: 1.8.2    
  
  
 
  
  
connecting to: test    
  
  
 
  
  
> use admin    
  
  
 
  
  
switched to db admin    
  
  
 
  
  
> db.adduser('sa','sa')    
  
  
 
  
  
Fri Jul 22 14:34:24 TypeError: db.adduser is not a function (shell):1    
  
  
 
  
  
> db.addUser('sa','sa')    
  
  
 
  
  
{    
  
  
 
  
  
"_id" : ObjectId("4e2914a585178da4e03a16c3"),    
  
  
 
  
  
"user" : "sa",    
  
  
 
  
  
"readOnly" : false,    
  
  
 
  
  
"pwd" : "75692b1d11c072c6c79332e248c4f699"    
  
  
 
  
  
}    
  
  
 
  
  
>    
 
 

In this case, the permission has been successfully created, and we will try the permission.

 
 

  
  
> show collections    
  
  
 
  
  
system.indexes    
  
  
 
  
  
system.users   
 
 

Without -- auth, you can access the default two tables that admin prefers.

 
 

  
  
> db.system.users.find()    
  
  
 
  
  
{ "_id" : ObjectId("4e2914a585178da4e03a16c3"), "user" : "sa", "readOnly" : false, "pwd" : "75692b1d11c072c6c79332e248c4f699" }>    
 
 

Created successfully.

Add the -- auth option to the service and then enter./Mongo.

 
 

  
  
MongoDB shell version: 1.8.2    
  
  
 
  
  
connecting to: test    
  
  
 
  
  
> use admin    
  
  
 
  
  
switched to db admin    
  
  
 
  
  
> show collections    
  
  
 
  
  
Fri Jul 22 14:38:49 uncaught exception: error: {    
  
  
 
  
  
"$err" : "unauthorized db:admin lock type:-1 client:127.0.0.1",    
  
  
 
  
  
"code" : 10057    
  
  
 
  
  
}    
  
  
 
  
  
>    
 
 

You can see that you have no access permission.

We can log on with our own key:

 
 

  
  
> db.auth('sa','sa')    
  
  
 
  
  
1   
 
 

1 indicates that the verification is successful!

Then show collections.

.....

Try logging on to another table:

 
 

  
  
[root@:/usr/local/mongodb/bin]#./mongo    
  
  
 
  
  
MongoDB shell version: 1.8.2    
  
  
 
  
  
connecting to: test    
  
  
 
  
  
> use test    
  
  
 
  
  
switched to db test    
  
  
 
  
  
> show collections    
  
  
 
  
  
Fri Jul 22 14:40:47 uncaught exception: error: {    
  
  
 
  
  
"$err" : "unauthorized db:test lock type:-1 client:127.0.0.1",    
  
  
 
  
  
"code" : 10057    
  
  
 
  
  
}   
 
 

You also need to verify. Try super Admin Logon:

 
 

  
  
[root@:/usr/local/mongodb/bin]#./mongo    
  
  
 
  
  
MongoDB shell version: 1.8.2    
  
  
 
  
  
connecting to: test    
  
  
 
  
  
> use test    
  
  
 
  
  
switched to db test    
  
  
 
  
  
> show collections    
  
  
 
  
  
Fri Jul 22 14:40:47 uncaught exception: error: {    
  
  
 
  
  
"$err" : "unauthorized db:test lock type:-1 client:127.0.0.1",    
  
  
 
  
  
"code" : 10057    
  
  
 
  
  
}    
  
  
 
  
  
> db.auth('sa','sa')    
  
  
 
  
  
0   
 
 

0 Verification Failed.

Well, it's not going around. In fact, super admin must log on from Admin and then use other tables.

 
 

  
  
> use admin    
  
  
 
  
  
> use admin  
  
  
 
  
  
switched to db admin    
  
  
 
  
  
> db.auth('sa','sa')    
  
  
 
  
  
1    
  
  
 
  
  
> use test    
  
  
 
  
  
switched to db test    
  
  
 
  
  
> show collections    
  
  
 
  
  
>    
 
 

If you want to access a table separately and use an independent user name, you need to create the corresponding user in the table.

 
 

  
  
[root@:/usr/local/mongodb/bin]#./mongo    
  
  
 
  
  
MongoDB shell version: 1.8.2    
  
  
 
  
  
connecting to: test    
  
  
 
  
  
> use admin    
  
  
 
  
  
switched to db admin    
  
  
 
  
  
> db.auth('sa','sa')    
  
  
 
  
  
1    
  
  
 
  
  
> use test    
  
  
 
  
  
switched to db test    
  
  
 
  
  
> db.addUser('test','test')    
  
  
 
  
  
{    
  
  
 
  
  
"user" : "test",    
  
  
 
  
  
"readOnly" : false,    
  
  
 
  
  
"pwd" : "a6de521abefc2fed4f5876855a3484f5"    
  
  
 
  
  
}    
  
  
 
  
  
>    
 
 

Of course, you must have the relevant permissions before you can create a project.

Log on again and see:

 
 

  
  
[root@:/usr/local/mongodb/bin]#./mongo    
  
  
 
  
  
MongoDB shell version: 1.8.2    
  
  
 
  
  
connecting to: test    
  
  
 
  
  
> show collections    
  
  
 
  
  
Fri Jul 22 14:45:08 uncaught exception: error: {    
  
  
 
  
  
"$err" : "unauthorized db:test lock type:-1 client:127.0.0.1",    
  
  
 
  
  
"code" : 10057    
  
  
 
  
  
}    
  
  
 
  
  
> db.auth('test','test')    
  
  
 
  
  
1    
  
  
 
  
  
> show collections    
  
  
 
  
  
system.indexes    
  
  
 
  
  
system.users    
  
  
 
  
  
>