User authentication for MongoDB

Source: Internet
Author: User
Tags auth deprecated mongodb

By default MongoDB runs without authentication and has no accounts: anyone who can connect to the service can perform any operation on the database. MongoDB's position is that the best way to secure it is to run it in a trusted environment and make sure only trusted machines can reach it. For environments with higher requirements, that may not be enough.
MongoDB provides user authentication, which is enabled by starting the server with --auth.

Accounts need to be added before authentication is turned on.

Add an administrator account:
By default, there are no users in the system.
> use admin                      -- switch to the admin database
switched to db admin
> db.system.users.find();
> db.addUser("super", "Super")   -- add a superuser
WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' instead
Successfully added user: { "user" : "super", "roles" : [ "root" ] }

> db.system.users.find();        -- query the user just added
{ "_id" : "admin.super", "user" : "super", "db" : "admin", "credentials" : { "MONGODB-CR" : "9c93023a901c2adf9c7377076b8c963a" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
>

Add a regular account:
> use test                       -- switch to the test database to add a normal user
switched to db test
> db.addUser("test", "test")
WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' instead
Successfully added user: { "user" : "test", "roles" : [ "dbOwner" ] }

Add a read-only account:
> db.addUser("readonly", "ReadOnly", true)   -- add a read-only user
WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' instead
Successfully added user: { "user" : "readonly", "roles" : [ "read" ] }
>

Query all the users just added:
> use admin
switched to db admin
> db.system.users.find();
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : "7c67ef13bbd4cae106d959320af3f704" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "test.db1", "user" : "db1", "db" : "test", "credentials" : { "MONGODB-CR" : "08A3BFA3CDEF4464C4738A7180465ADF" }, "roles" : [ { "role" : "dbOwner", "db" : "test" } ] }
{ "_id" : "admin.super", "user" : "super", "db" : "admin", "credentials" : { "MONGODB-CR" : "9c93023a901c2adf9c7377076b8c963a" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "test.test", "user" : "test", "db" : "test", "credentials" : { "MONGODB-CR" : "A6de521abefc2fed4f5876855a3484f5" }, "roles" : [ { "role" : "dbOwner", "db" : "test" } ] }
{ "_id" : "test.readonly", "user" : "readonly", "db" : "test", "credentials" : { "MONGODB-CR" : "68eda9b099ddb587da03a33273a9f4da" }, "roles" : [ { "role" : "read", "db" : "test" } ] }
>
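
The shell warnings above point to createUser, which the page never shows. The following is an added example, not code from the original article: a mongo shell (2.6+) script that creates the same three users through db.createUser with the roles the deprecated helper reported. The names LEGACY_CALLS, toCreateUserDoc and createUsersFromLegacyCalls are made up for this example, and the passwords are supplied by the caller.

```javascript
// Added example (not from the original article). In the mongo shell, call:
//   createUsersFromLegacyCalls(db, LEGACY_CALLS, { "super": "...", "test": "...", "readonly": "..." })
// Roles mirror what the deprecated helper reported on this page:
// admin database -> root, other database -> dbOwner, read-only flag -> read.

// The three db.addUser() calls from the page as [database, user, readOnly].
var LEGACY_CALLS = [
  ["admin", "super", false],
  ["test", "test", false],
  ["test", "readonly", true]
];

// Build the document db.createUser() expects for one legacy call.
function toCreateUserDoc(dbName, user, pwd, readOnly) {
  if (typeof pwd !== "string" || pwd.length === 0) {
    throw new Error("no password supplied for " + dbName + "." + user);
  }
  if (readOnly && dbName === "admin") {
    // The page never shows a read-only admin user, so no role is guessed here.
    throw new Error("choose an explicit role for " + dbName + "." + user);
  }
  var role = readOnly ? "read" : (dbName === "admin" ? "root" : "dbOwner");
  return { user: user, pwd: pwd, roles: [{ role: role, db: dbName }] };
}

// Create every user with createUser; `db` is the shell's database handle.
function createUsersFromLegacyCalls(db, calls, passwords) {
  return calls.map(function (c) {
    var doc = toCreateUserDoc(c[0], c[1], passwords[c[1]], c[2]);
    db.getSiblingDB(c[0]).createUser(doc);
    return c[0] + "." + c[1] + " -> " + doc.roles[0].role;
  });
}
```

Spelling the roles out in the createUser document makes the privilege each account receives visible at creation time instead of leaving it to the helper's defaults.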

Start MongoDB with --auth
e:\mongodb\bin>mongod -f e:/mongodb/mongodb.conf
2014-09-14T11:12:07.609+0800
2014-09-14T11:12:07.609+0800 warning: 32-bit servers don't have journaling enabled by default. Please use --journal if you want durability.
2014-09-14T11:12:07.609+0800

The contents of the mongodb.conf file are as follows, with auth=true added:
dbpath=e:\mongodb\data
logpath=e:\mongodb\log\mongodb.log
logappend=true
bind_ip=127.0.0.1
port=27019
#fork=true
master=true
auth=true
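
The two lines in this file that decide who can use the server are auth and bind_ip. The following is an added example, not part of the original article: a small JavaScript check that parses an ini-style mongod config like the one above and reports when either setting is missing or commented out. The function names and the second sample config are constructed for this example.

```javascript
// Added example, not from the original article.
// Parse an ini-style mongod config; commented-out lines do not count as set.
function parseMongoConf(text) {
  var conf = {};
  text.split(/\r?\n/).forEach(function (raw) {
    var line = raw.trim();
    if (line === "" || line.charAt(0) === "#") return;
    var eq = line.indexOf("=");
    if (eq > 0) conf[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  });
  return conf;
}

// Return findings for the two settings this page relies on: auth and bind_ip.
function auditMongoConf(text) {
  var conf = parseMongoConf(text);
  var findings = [];
  var authOn = (conf.auth || "").toLowerCase() === "true";
  // With no bind_ip line, mongod 2.6 listens on every interface.
  var binds = (conf.bind_ip || "").split(",").map(function (s) {
    return s.trim();
  }).filter(Boolean);
  var loopbackOnly = binds.length > 0 && binds.every(function (ip) {
    return ip === "127.0.0.1" || ip === "localhost" || ip === "::1";
  });
  if (!authOn) findings.push("auth is not enabled: connections are not authenticated");
  if (!loopbackOnly) findings.push("bind_ip is not restricted to loopback");
  if (!authOn && !loopbackOnly) {
    findings.push("server listens beyond loopback with no authentication");
  }
  return findings;
}

// Constructed inputs: the config from this page, and a variant with auth
// commented out and no bind_ip line.
var PAGE_CONF = [
  "dbpath=e:\\mongodb\\data", "logpath=e:\\mongodb\\log\\mongodb.log",
  "logappend=true", "bind_ip=127.0.0.1", "port=27019", "#fork=true",
  "master=true", "auth=true"
].join("\n");
var OPEN_CONF = ["dbpath=e:\\mongodb\\data", "port=27019", "#auth=true"].join("\n");
```

auditMongoConf(PAGE_CONF) returns an empty list, while auditMongoConf(OPEN_CONF) returns all three findings because a commented-out auth line leaves authentication off.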

Verify authentication:
> use admin
switched to db admin
> show dbs                       -- listing databases without authenticating fails
2014-09-14T13:28:45.953+0800 listDatabases failed:{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
        "code" :
} at src/mongo/shell/mongo.js:47
> db.auth("super", "Super")      -- after authenticating, the listing succeeds
1
> show dbs
admin    0.078GB
local    0.078GB
test     0.078GB
wangwei  0.078GB

General user authentication

> show dbs                       -- listing databases without authenticating fails
2014-09-14T13:31:19.265+0800 listDatabases failed:{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
        "code" : 13
} at src/mongo/shell/mongo.js:47

> db.auth("test", "test")
1
> show dbs                       -- still fails after authenticating, because this user belongs to test, not admin
2014-09-14T13:33:30.062+0800 listDatabases failed:{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
        "code" : 13
} at src/mongo/shell/mongo.js:47
>

E:\mongodb\bin>mongo 127.0.0.1:27019
MongoDB shell version: 2.6.4
connecting to: 127.0.0.1:27019/test
> db.mycol.insert({"id": 222})   -- inserting a document without authenticating fails
WriteResult({
        "writeError" : {
                "code" : 13,
                "errmsg" : "not authorized on test to execute command { insert: \"mycol\", documents: [ { _id: ObjectId('5415292f131751676caa7881'), id: 222.0 } ], ordered: true }"
        }
})
> db.auth("test", "test")        -- after authenticating, the insert succeeds
1
> db.mycol.insert({"id": 222})
WriteResult({ "nInserted" : 1 })
>

Read-only user authentication
E:\mongodb\bin>mongo 127.0.0.1:27019
MongoDB shell version: 2.6.4
connecting to: 127.0.0.1:27019/test
> db.mycol.find()                -- the query fails without authentication
error: { "$err" : "not authorized for query on test.mycol", "code" : 13 }
> db.auth("readonly". "ReadOnly")
2014-09-14T13:38:16.265+0800 SyntaxError: Unexpected string
> db.auth("readonly", "ReadOnly")
1
> db.mycol.find()                -- succeeds after authentication
{ "_id" : ObjectId("5415294b131751676caa7882"), "id" : 222 }
>
> db.mycol.insert({"id": 5555})  -- authenticated as the read-only user, the insert fails because the user is read-only
WriteResult({
        "writeError" : {
                "code" : 13,
                "errmsg" : "not authorized on test to execute command { insert: \"mycol\", documents: [ { _id: ObjectId('541529ead090e8f5c50762b9'), id: 5555.0 } ], ordered: true }"
        }
})
>
