【MongoDB】開啟認證許可權

標籤：

 

1.

mongodb.conf ：

添加

auth=true

2.

 

 use admin （3.0+ 使用 createUser ;<3.0版本  http://www.cnblogs.com/guizi/archive/2012/11/20/2779500.html）

db.createUser({  user: "root",  pwd: "123456",  roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]  }  )  

> db.createUser({  user: "root",  pwd: "123456",  roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]  }  )Successfully added user: {        "user" : "root",        "roles" : [                {                        "role" : "userAdminAnyDatabase",                        "db" : "admin"                }        ]}

not authorized on test to execute command-MongoDB的許可權配置直接報Command ‘$eval‘ failed: not authorized on這個錯誤，可以確認是許可權的問題解決方案：在官網  http://docs.mongodb.org/manual/reference/command/eval/#dbcmd.eval 有一段描述：If authorization is enabled, you must have access to all actions on all resources in order to run eval. Providing such access is not recommended, but if your organization requires a user to run eval, create a role that grants anyAction on anyResource. Do not assign this role to any other user.解決步驟：1）不帶--auth參數啟動資料庫，所以不需要帳號即可連上MongoDB。2）建立一個角色，比如叫 sysadmin，需要先切換到admin庫進行如下操作：[C#] 純文字查看 複製代碼 > use adminswitched to db admin> db.createRole({role:‘sysadmin‘,roles:[],privileges:[{resource:{anyResource:true},actions:[‘anyAction‘]}]})3）然後，建立一個使用者，使用這個角色，注意，這個角色的db是admin，操作如下：[C#] 純文字查看 複製代碼 > use woplusswitched to db woplus> db.createUser({user:‘sa‘,pwd:‘sufeinet.com‘,roles:[{role:‘sysadmin‘,db:‘admin‘}]})好了現在重啟啟動資料庫帶上--auth就可以正常執行了

 

 

 

 

3.登陸

>  db.auth("admin","admin")Error: 18 Authentication failed.0> user admin2015-07-28T16:44:43.034+0800 E QUERY    SyntaxError: Unexpected identifier--這樣操作成功了> use adminswitched to db admin> db.auth("root","123456")1
--登陸失敗

> db.auth("root","111")
2015-07-28T16:52:51.352+0800 I NETWORK Socket recv() errno:10053 An established
connection was aborted by the software in your host machine. 127.0.0.1:27017
2015-07-28T16:52:51.367+0800 I NETWORK SocketException: remote: 127.0.0.1:27017
error: 9001 socket exception [RECV_ERROR] server [127.0.0.1:27017]
2015-07-28T16:52:51.367+0800 I NETWORK DBClientCursor::init call() failed
Error: error doing query: failed
0
2015-07-28T16:52:51.371+0800 I NETWORK trying reconnect to 127.0.0.1:27017 (127
.0.0.1) failed
2015-07-28T16:52:51.373+0800 I NETWORK reconnect 127.0.0.1:27017 (127.0.0.1) ok

 

 

不知道是不是這個原因，開啟 auth後 MongoVUE不能串連。

MongoVUE 是個比較好用的MongoDB用戶端，不過免費版在15天過後，不能使用gridfs，Server Monitoring等功能。

 

關於安全性操作還需要繼續研究

 

【MongoDB】開啟認證許可權