User authentication for MongoDB

MongoDB default is not authentication, default no account, as long as the service can be connected to the database for a variety of operations, MongoDB believes that the best way to security is in a trusted environment to run it, to ensure that the trusted machine to access it, perhaps these to some high-demand environment, security is not enough
MongoDB provides user authentication and needs to be added with--auth on start-up authentication

Need to add account before authentication

Add Administrator account:
By default, there are no users in the system
> Use admin--switch to admin library
Switched to DB admin
> Db.system.users.find ();
> Db.adduser ("Super", "Super")--Add Super User
Warning:the ' AddUser ' shell Helper is DEPRECATED. Please use ' CreateUser ' inste
Ad
Successfully added User: {"user": "Super", "Roles": ["Root"]}

> Db.system.users.find (); --Query for added users
{"_id": "Admin.super", "User": "Super", "db": "admin", "credentials": {"MO
NGODB-CR ":" 9c93023a901c2adf9c7377076b8c963a "}," Roles ": [{" Role ":" Root ",
"DB": "Admin"}]}
>
Add a regular account:
> Use test--switch to test library to add a normal user
Switched to DB test
> Db.adduser ("Test", "test")
Warning:the ' AddUser ' shell Helper is DEPRECATED. Please use ' CreateUser ' inste
Ad
Successfully added User: {"user": "Test", "Roles": ["Dbowner"]}

To add a read-only account:
> Db.adduser ("readonly", "ReadOnly", True)--add read-only user
Warning:the ' AddUser ' shell Helper is DEPRECATED. Please use ' CreateUser ' inste
Ad
Successfully added User: {"user": "readonly", "Roles": ["read"]}
>
Query all the users you just added:
> Use admin
Switched to DB admin
> Db.system.users.find ();
{"_id": "Admin.admin", "User": "admin", "db": "admin", "credentials": {"MO
NGODB-CR ":" 7c67ef13bbd4cae106d959320af3f704 "}," Roles ": [{" Role ":" Root ",
"DB": "Admin"}]}
{"_id": "TEST.DB1", "User": "DB1", "DB": "Test", "credentials": {"mongodb-
CR ":" 08A3BFA3CDEF4464C4738A7180465ADF "}," Roles ": [{" Role ":" Dbowner "," D
B ":" Test "}]}
{"_id": "Admin.super", "User": "Super", "db": "admin", "credentials": {"MO
NGODB-CR ":" 9c93023a901c2adf9c7377076b8c963a "}," Roles ": [{" Role ":" Root ",
"DB": "Admin"}]}
{"_id": "Test.test", "User": "Test", "DB": "Test", "credentials": {"MONGOD
B-CR ":" A6de521abefc2fed4f5876855a3484f5 "}," Roles ": [{" Role ":" Dbowner ",
"DB": "Test"}]}
{"_id": "Test.readonly", "User": "readonly", "DB": "Test", "credentials": {
"MONGODB-CR": "68eda9b099ddb587da03a33273a9f4da"}, "Roles": [{"Role": "Re
Ad "," DB ":" Test "}]}
>

Start MongoDB with--auth
e:\mongodb\bin>mongod-f e:/mongodb/mongodb.conf
2014-09-14t11:12:07.609+0800
2014-09-14t11:12:07.609+0800 warning:32-bit servers don ' t has journaling enabl
Ed by default. Please use the--journal if you want durability. The contents of the
2014-09-14t11:12:07.609+0800
mongodb.conf file are as follows, adding auth=true
Dbpath=e:\mongodb\data
Logpath=e:\ Mongodb\log\mongodb.log
Logappend=true
bind_ip=127.0.0.1
port=27019
#fork =true
Master=true
Auth=true

Verify Security Authentication:
> Use admin
switched to DB admin
> Show dbs  -No authentication Check database error
2014-09-14t13:28:45 .953+0800 listdatabases failed:{
        "OK": 0,
         "errmsg": "Not authorized in Admin to execute command {listdatabases:
1.0}",
 &nb sp;      "code":
} at src/mongo/shell/mongo.js:47
;
> Db.auth ("Super", " Super ")  ---certification again check OK
1
> Show dbs
admin    0.078GB
local    0.078GB
test     0.078GB
wangwei  0.078GB
;
General user authentication

> Show DBS-no authentication view data
2014-09-14t13:31:19.265+0800 listdatabases failed:{
"OK": 0,
"ErrMsg": "Not authorized on Admin to execute command {listdatabases:
1.0} ",
"Code": 13
} at src/mongo/shell/mongo.js:47

> Db.auth ("Test", "test")
1
> Show DBS--Authentication after viewing database also reported error, reason this user belongs to test does not belong to admin
2014-09-14t13:33:30.062+0800 listdatabases failed:{
"OK": 0,
"ErrMsg": "Not authorized on Admin to execute command {listdatabases:
1.0} ",
"Code": 13
} at src/mongo/shell/mongo.js:47
>

E:\mongodb\bin>mongo 127.0.0.1:27019
MongoDB Shell version:2.6.4
Connecting To:127.0.0.1:27019/test
> Db.mycol.insert ({"id": 222})--Failed to insert document without authentication
Writeresult ({
"Writeerror": {
"Code": 13,
"ErrMsg": "Not authorized on test to execute command {insert:
\ "Mycol\", documents: [{_id:objectid (' 5415292f131751676caa7881 '), id:222.0}
], ordered:true} "
}
})
> Db.auth ("Test", "test")--the document was successfully inserted after authentication
1
> Db.mycol.insert ({"id": 222})
Writeresult ({"ninserted": 1})
>

Read-only user authentication
E:\mongodb\bin>mongo 127.0.0.1:27019
MongoDB Shell version:2.6.4
Connecting To:127.0.0.1:27019/test
> Db.mycol.find ()--No authentication query failed
Error: {"$err": "Not authorized for query on Test.mycol", "Code": 13}
> Db.auth ("readonly". " ReadOnly ")
2014-09-14t13:38:16.265+0800 syntaxerror:unexpected String
> Db.auth ("readonly", "ReadOnly")
1
> Db.mycol.find ()--Successful after authentication
{"_id": ObjectId ("5415294b131751676caa7882"), "id": 222}
>
> Db.mycol.insert ({"id": 5555})--read-only authentication, insert document failed because user is read-only
Writeresult ({
"Writeerror": {
"Code": 13,
"ErrMsg": "Not authorized on test to execute command {insert:
\ "Mycol\", documents: [{_id:objectid (' 541529ead090e8f5c50762b9 '), id:5555.0
}], ordered:true} "
}
})
>