By default MongoDB does not require authentication and ships with no accounts: anyone who can connect to the service can perform any operation on the database. MongoDB's position is that the best way to achieve security is to run it in a trusted environment and to ensure that only trusted machines can reach it. For environments with stricter requirements, that alone is not enough.
MongoDB provides user authentication; to enable it, start the server with --auth.
Accounts need to be added before authentication is enabled.
Add an administrator account:
By default, there are no users in the system.
> use admin    -- switch to the admin database
switched to db admin
> db.system.users.find();
> db.addUser("super", "Super")    -- add a superuser
WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' instead
Successfully added user: { "user" : "super", "roles" : [ "root" ] }
> db.system.users.find();    -- query the added user
{ "_id" : "admin.super", "user" : "super", "db" : "admin", "credentials" : { "MONGODB-CR" : "9c93023a901c2adf9c7377076b8c963a" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
>
Add a regular account:
> use test    -- switch to the test database to add a regular user
switched to db test
> db.addUser("test", "test")
WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' instead
Successfully added user: { "user" : "test", "roles" : [ "dbOwner" ] }
Add a read-only account:
> db.addUser("readonly", "ReadOnly", true)    -- add a read-only user
WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' instead
Successfully added user: { "user" : "readonly", "roles" : [ "read" ] }
>
Query all the users you just added:
> use admin
switched to db admin
> db.system.users.find();
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : "7c67ef13bbd4cae106d959320af3f704" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "test.DB1", "user" : "DB1", "db" : "test", "credentials" : { "MONGODB-CR" : "08A3BFA3CDEF4464C4738A7180465ADF" }, "roles" : [ { "role" : "dbOwner", "db" : "test" } ] }
{ "_id" : "admin.super", "user" : "super", "db" : "admin", "credentials" : { "MONGODB-CR" : "9c93023a901c2adf9c7377076b8c963a" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "test.test", "user" : "test", "db" : "test", "credentials" : { "MONGODB-CR" : "A6de521abefc2fed4f5876855a3484f5" }, "roles" : [ { "role" : "dbOwner", "db" : "test" } ] }
{ "_id" : "test.readonly", "user" : "readonly", "db" : "test", "credentials" : { "MONGODB-CR" : "68eda9b099ddb587da03a33273a9f4da" }, "roles" : [ { "role" : "read", "db" : "test" } ] }
>
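Every addUser call above prints a deprecation warning that points to createUser. The following added example (not part of the original post) builds the createUser document for each of the three accounts with the role the shell reported for it; the helper names legacyToCreateUser and applyUsers are hypothetical. In the mongo shell it creates the users; under Node.js, where `db` does not exist, it only defines the functions.

```javascript
// Added example: createUser equivalents of the deprecated addUser calls.
// Roles follow the shell output shown in this article: root on admin,
// dbOwner on another database, read when the readOnly flag was true.
// legacyToCreateUser and applyUsers are hypothetical helper names.
function legacyToCreateUser(dbName, user, pwd, readOnly) {
  if (dbName === "admin" && readOnly) {
    throw new Error("admin + readOnly is not shown in the article");
  }
  var role = readOnly ? "read" : (dbName === "admin" ? "root" : "dbOwner");
  return { user: user, pwd: pwd, roles: [{ role: role, db: dbName }] };
}

// [database, user, password, readOnly] for the three accounts created in
// the article (passwords as typed there).
var ACCOUNTS = [
  ["admin", "super", "Super", false],
  ["test", "test", "test", false],
  ["test", "readonly", "ReadOnly", true]
];

// conn is a mongo shell connection (db.getMongo()). Each user is created in
// the database that owns it, which is also where it must authenticate.
function applyUsers(conn, accounts) {
  return accounts.map(function (a) {
    var doc = legacyToCreateUser(a[0], a[1], a[2], a[3]);
    conn.getDB(a[0]).createUser(doc);
    return a[0] + "." + doc.user + " -> " + doc.roles[0].role;
  });
}

// Only the mongo shell defines `db`; elsewhere nothing is executed.
if (typeof db !== "undefined" && typeof db.getMongo === "function") {
  applyUsers(db.getMongo(), ACCOUNTS).forEach(function (s) { print(s); });
}
```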
Start MongoDB with --auth
e:\mongodb\bin>mongod -f e:/mongodb/mongodb.conf
2014-09-14T11:12:07.609+0800
2014-09-14T11:12:07.609+0800 warning: 32-bit servers don't have journaling enabled by default. Please use --journal if you want durability.
2014-09-14T11:12:07.609+0800
The contents of the mongodb.conf file are as follows, with auth=true added:
dbpath=e:\mongodb\data
logpath=e:\mongodb\log\mongodb.log
logappend=true
bind_ip=127.0.0.1
port=27019
#fork=true
master=true
auth=true
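A check a defender might run against a legacy key=value mongod config like the one above, as an added example that is not part of the original post: it reports when auth is not enabled and when bind_ip is unset or includes a non-loopback address. The function names and the second sample config are constructed for illustration.

```javascript
// Added example: audit a legacy key=value mongod config for the two
// settings this article relies on, auth and bind_ip.
function parseConf(text) {
  var conf = {};
  text.split(/\r?\n/).forEach(function (line) {
    line = line.trim();
    if (line === "" || line.charAt(0) === "#") return; // blank or commented out
    var i = line.indexOf("=");
    if (i < 0) return;
    // keys are lowercased so the comparison below is case-insensitive
    conf[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  });
  return conf;
}

function auditConf(text) {
  var c = parseConf(text), findings = [];
  if (c.auth !== "true" || c.noauth === "true") {
    findings.push("auth is not enabled: any client that connects has full access");
  }
  var ips = (c.bind_ip || "").split(",")
    .map(function (s) { return s.trim(); }).filter(Boolean);
  var exposed = ips.filter(function (ip) {
    return ip !== "127.0.0.1" && ip !== "localhost" && ip !== "::1";
  });
  if (ips.length === 0) {
    findings.push("bind_ip is not set: the listening interface depends on the server default");
  } else if (exposed.length > 0) {
    findings.push("bind_ip includes non-loopback address(es): " + exposed.join(","));
  }
  return findings;
}

// The article's config, and a constructed variant with auth commented out
// and the listener bound to all interfaces.
var ARTICLE_CONF = "dbpath=e:\\mongodb\\data\nlogappend=true\n" +
  "bind_ip=127.0.0.1\nport=27019\n#fork=true\nmaster=true\nauth=true\n";
var WEAK_CONF = "dbpath=e:\\mongodb\\data\nbind_ip=0.0.0.0\nport=27019\n#auth=true\n";

console.log("article config:", auditConf(ARTICLE_CONF));
console.log("weak config:", auditConf(WEAK_CONF));
```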
Verify authentication:
> use admin
switched to db admin
> show dbs    -- listing databases without authenticating fails
2014-09-14T13:28:45.953+0800 listDatabases failed:{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
        "code" :
} at src/mongo/shell/mongo.js:47
> db.auth("super", "Super")    -- after authenticating, the same command succeeds
1
> show dbs
admin    0.078GB
local    0.078GB
test     0.078GB
wangwei  0.078GB
Regular user authentication
> show dbs    -- listing databases without authenticating fails
2014-09-14T13:31:19.265+0800 listDatabases failed:{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
        "code" : 13
} at src/mongo/shell/mongo.js:47
> db.auth("test", "test")
1
> show dbs    -- listing databases still fails after authenticating, because this user belongs to test, not admin
2014-09-14T13:33:30.062+0800 listDatabases failed:{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
        "code" : 13
} at src/mongo/shell/mongo.js:47
>
E:\mongodb\bin>mongo 127.0.0.1:27019
MongoDB shell version: 2.6.4
connecting to: 127.0.0.1:27019/test
> db.mycol.insert({"id": 222})    -- inserting a document without authenticating fails
WriteResult({
        "writeError" : {
                "code" : 13,
                "errmsg" : "not authorized on test to execute command { insert: \"mycol\", documents: [ { _id: ObjectId('5415292f131751676caa7881'), id: 222.0 } ], ordered: true }"
        }
})
> db.auth("test", "test")    -- after authenticating, the insert succeeds
1
> db.mycol.insert({"id": 222})
WriteResult({ "nInserted" : 1 })
>
Read-only user authentication
E:\mongodb\bin>mongo 127.0.0.1:27019
MongoDB shell version: 2.6.4
connecting to: 127.0.0.1:27019/test
> db.mycol.find()    -- querying without authenticating fails
error: { "$err" : "not authorized for query on test.mycol", "code" : 13 }
> db.auth("readonly". "ReadOnly")
2014-09-14T13:38:16.265+0800 SyntaxError: Unexpected string
> db.auth("readonly", "ReadOnly")
1
> db.mycol.find()    -- succeeds after authenticating
{ "_id" : ObjectId("5415294b131751676caa7882"), "id" : 222 }
>
> db.mycol.insert({"id": 5555})    -- authenticated as the read-only user, the insert fails because the user can only read
WriteResult({
        "writeError" : {
                "code" : 13,
                "errmsg" : "not authorized on test to execute command { insert: \"mycol\", documents: [ { _id: ObjectId('541529ead090e8f5c50762b9'), id: 5555.0 } ], ordered: true }"
        }
})
>