MongoDB's Authorization and permissions

1, when you open the MongoDB service without adding any parameters, you can operate on the database arbitrarily, and can access the database remotely. If you specify the auth parameter when you start, you can authenticate the database with user authentication

$./mongod--auth >>./mongomongodb Shell version:1.8.1connecting to:test>show dbsadmin   (empty) Local   (empty)

　　

2. Add Users

MongoDB has an admin database by default when the installation is complete, and admin.system.users will save user information that is larger than the user rights set in other databases. when a user in admin.system.users is not present, even if Mongod is added--auth parameter at startup, if no user is added to the admin database, no authentication can be done at this time until the Admin.system.users A user was added.

Create the database Tage below and give Tage the user:> use Tage   switched to DB tage> Db.adduser ("Tage", "123") {         "user": "Tage",         " ReadOnly ": false,         " pwd ":" 1f66d5c4223029536080d41febe0ec33 "} in the admin library to create the root user:> use adminswitched to DB admin > Db.adduser ("Root", "123456") {         "user": "Root",         "readOnly": false,         "pwd": " 34e5772aa66b703a319641d42a47d696 "}

3. Verify the user

> Db.auth ("root", "123") 0     password error, return 0, verification failure > Db.auth ("Root", "123456")  1     validation succeeded, return 1

The following tests the user rights setting: $./mongo       login without username and password MongoDB shell version:1.8.1connecting to:test> use tageswitched to DB tage> D B.system.users.find () Error: {         "$err": "Unauthorized db:tage lock Type:-1 client:127.0.0.1",         "code": 10057

　　

4, the above verification instructions, login without specifying the user name and password, will be error. Specify user and password below

$./mongo-uroot-p123456  Specifies the user and password, but does not specify a library name MongoDB Shell version:1.8.1connecting to:testwed  3 21:30:42 Uncaug HT Exception:login failedexception:login failedmongodb Log on by default connection test library, if you do not specify the library name, will be error

5, the following tage Library user name login to verify:

$./mongo Tage-utage-p123mongodb Shell version:1.8.1connecting to:tage> db.system.users.find ()    operates on its own library, Have permission {"_id": ObjectId ("4e394c696b50a56254359088"), "user": "Tage", "readOnly": false, "pwd": "1f66d5c4223029536080d41fe Be0ec33 "}> use adminswitched to DB admin> Db.system.users.find () for other library operations, no permissions error: {         " $err ":" Unauthorized DB: Admin lock type:-1 client:127.0.0.1 ",         " code ": 10057}

6, under the admin Library under the root User Login to verify:

./mongo admin-uroot-p123456mongodb Shell version:1.8.1connecting to:admin> db.system.users.find () {"_id": ObjectId ("4e394caf6b50a56254359089"), "user": "Root", "readOnly": false, "pwd": "34e5772aa66b703a319641d42a47d696"}> use Ta geswitched to DB tage> Db.system.users.find ()   operates on other libraries with permission {"_id": ObjectId ("4e394c696b50a56254359088"), "user ":" Tage "," readOnly ": false," pwd ":" 1f66d5c4223029536080d41febe0ec33 "}

　　

7. MongoDB remote user connection

Syntax structure: mongo–uusername–ppwd serverip:port/dbname where port defaults to 27017$./mongo  -uroot-p123456 192.168.2.150/ Adminmongodb Shell version:1.8.1connecting to:192.168.2.150/admin> db.system.users.find () {"_id": ObjectId (" 4e394caf6b50a56254359089 ")," user ":" Root "," readOnly ": false," pwd ":" 34e5772aa66b703a319641d42a47d696 "}

　　

　　

MongoDB's Authorization and permissions