mongodb的使用者認證

最後更新：2018-07-26 來源：互聯網

上載者：User

創建阿里雲帳戶，並獲得超過 40 款產品的免費試用版；而企業帳戶則可以享有總值 $1200 的免費試用版。立即註冊！

mongodb預設是不認證的，預設沒有帳號，只要能串連上服務就可以對資料庫進行各種操作，mongodb認為安全最好的方法就是在一個可信的環境中運行它，保證之後可信的機器才能訪問它，可能這些對一些要求高的環境，安全還不夠
mongodb提供使用者認證，需要在啟動時加上--auth開啟認證

認證前需要添加帳號

添加管理員帳號：
預設情況下系統中沒有使用者
> use admin --切換到admin庫
switched to db admin
> db.system.users.find();
> db.addUser("super","super") --添加超級使用者
WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' inste
ad
Successfully added user: { "user" : "super", "roles" : [ "root" ] }

> db.system.users.find(); --查詢添加的使用者
{ "_id" : "admin.super", "user" : "super", "db" : "admin", "credentials" : { "MO
NGODB-CR" : "9c93023a901c2adf9c7377076b8c963a" }, "roles" : [ { "role" : "root",
"db" : "admin" } ] }
>
添加普通帳號：
> use test --切換到test庫添加普通使用者
switched to db test
> db.addUser("test","test")
WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' inste
ad
Successfully added user: { "user" : "test", "roles" : [ "dbOwner" ] }

添加唯讀帳號：
> db.addUser("readonly","readonly",true) --添加唯讀使用者
WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' inste
ad
Successfully added user: { "user" : "readonly", "roles" : [ "read" ] }
>
查詢剛剛添加的所有使用者：
> use admin
switched to db admin
> db.system.users.find();
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MO
NGODB-CR" : "7c67ef13bbd4cae106d959320af3f704" }, "roles" : [ { "role" : "root",
"db" : "admin" } ] }
{ "_id" : "test.db1", "user" : "db1", "db" : "test", "credentials" : { "MONGODB-
CR" : "08a3bfa3cdef4464c4738a7180465adf" }, "roles" : [ { "role" : "dbOwner", "d
b" : "test" } ] }
{ "_id" : "admin.super", "user" : "super", "db" : "admin", "credentials" : { "MO
NGODB-CR" : "9c93023a901c2adf9c7377076b8c963a" }, "roles" : [ { "role" : "root",
"db" : "admin" } ] }
{ "_id" : "test.test", "user" : "test", "db" : "test", "credentials" : { "MONGOD
B-CR" : "a6de521abefc2fed4f5876855a3484f5" }, "roles" : [ { "role" : "dbOwner",
"db" : "test" } ] }
{ "_id" : "test.readonly", "user" : "readonly", "db" : "test", "credentials" : {
"MONGODB-CR" : "68eda9b099ddb587da03a33273a9f4da" }, "roles" : [ { "role" : "re
ad", "db" : "test" } ] }
>

以--auth啟動mongodb開啟認證
E:\mongodb\bin>mongod -f e:/mongodb/mongodb.conf
2014-09-14T11:12:07.609+0800
2014-09-14T11:12:07.609+0800 warning: 32-bit servers don't have journaling enabl
ed by default. Please use --journal if you want durability.
2014-09-14T11:12:07.609+0800
mongodb.conf檔案內容如下，添加了auth=true
dbpath=E:\mongodb\data
logpath=E:\mongodb\log\mongodb.log
logappend=true
bind_ip=127.0.0.1
port=27019
#fork=true
master=true
auth=true

驗證安全認證：
> use admin
switched to db admin
> show dbs   --沒有認證查看資料庫報錯
2014-09-14T13:28:45.953+0800 listDatabases failed:{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { listDatabases:
1.0 }",
        "code" : 13
} at src/mongo/shell/mongo.js:47
>
> db.auth("super","super") ---認證後再次查看ok
1
> show dbs
admin    0.078GB
local    0.078GB
test     0.078GB
wangwei 0.078GB
>
普通使用者認證

> show dbs   --沒有認證查看資料
2014-09-14T13:31:19.265+0800 listDatabases failed:{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { listDatabases:
1.0 }",
        "code" : 13
} at src/mongo/shell/mongo.js:47

> db.auth("test","test")
1
> show dbs --認證後查看資料庫還報錯，原因這個使用者屬於test不屬於admin
2014-09-14T13:33:30.062+0800 listDatabases failed:{
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { listDatabases:
1.0 }",
        "code" : 13
} at src/mongo/shell/mongo.js:47
>

E:\mongodb\bin>mongo 127.0.0.1:27019
MongoDB shell version: 2.6.4
connecting to: 127.0.0.1:27019/test
> db.mycol.insert({"id":222}) --沒有認證情況插入文檔失敗
WriteResult({
        "writeError" : {
                "code" : 13,
                "errmsg" : "not authorized on test to execute command { insert:
\"mycol\", documents: [ { _id: ObjectId('5415292f131751676caa7881'), id: 222.0 }
], ordered: true }"
        }
})
> db.auth("test","test")   --認證後插入文檔成功
1
> db.mycol.insert({"id":222})
WriteResult({ "nInserted" : 1 })
>

唯讀使用者認證
E:\mongodb\bin>mongo 127.0.0.1:27019
MongoDB shell version: 2.6.4
connecting to: 127.0.0.1:27019/test
> db.mycol.find() --沒有認證查詢失敗
error: { "$err" : "not authorized for query on test.mycol", "code" : 13 }
> db.auth("readonly"."readonly")
2014-09-14T13:38:16.265+0800 SyntaxError: Unexpected string
> db.auth("readonly","readonly")
1
> db.mycol.find() --認證後查詢成功
{ "_id" : ObjectId("5415294b131751676caa7882"), "id" : 222 }
>
> db.mycol.insert({"id":5555}) --唯讀認證後，插入文檔失敗，原因使用者是唯讀
WriteResult({
        "writeError" : {
                "code" : 13,
                "errmsg" : "not authorized on test to execute command { insert:
\"mycol\", documents: [ { _id: ObjectId('541529ead090e8f5c50762b9'), id: 5555.0
} ], ordered: true }"
        }
})
>

本文章原先以中文撰寫並發佈於 aliyun.com，亦設英文版本，僅作資訊用途。本網站不對文章的準確性，完整性或可靠性或其任何翻譯作出任何明示或暗示的陳述或保證。如對該文章有任何疑慮或投訴，請傳送電郵至 info-contact@alibabacloud.com 並提供相關疑慮或投訴的詳細說明。職員會於 5 個工作天內與您聯絡，一經驗證之後，即會刪除該侵權內容。

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More