
User Access Control: Commands

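Background: if the database is started without access control enabled, anyone who knows the IP and port can connect. That is very dangerous, so user access permissions must be configured.
1. Add a user while access control is not yet enabled.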
> use admin
switched to db admin
> db.system.users.find()
> db.createUser( {user:"myUserAdmin",
pwd:"abc123",
roles:[{role:"readWriteAnyDatabase",db:"admin"}]})
Successfully added user: {
"user" : "myUserAdmin",
"roles" : [ {
"role" : "readWriteAnyDatabase",
"db" : "admin" 
}
]
}

Check that the user was added.
> db.system.users.find()
{ "_id" : "admin.myUserAdmin", "user" : "myUserAdmin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "hSIiLvPDWvUQ7mIn8gQkHw==", "storedKey" : "EoE5VTTfT2wnyVPaGQXJfuaIY08=", "serverKey" : "cAoQwxuTGmJuswcG0rgQHME6A1Q=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }

2. Start the MongoDB database with user authentication enabled
Starting from the command line:
>../../mongodb32/bin/mongod --auth --port 10001 --dbpath /usr/mongodbtest/sd2/data --logpath /usr/mongodbtest/sd2/log/mg.log --logappend --fork

3. Logging in without a username and password

[root@localhost sd2]# ../../mongodb32/bin/mongo 192.168.1.55:10001
MongoDB shell version: 3.2.0
connecting to: 192.168.1.55:10001/test

show dbs

2016-01-21T17:22:45.486+0800 E QUERY [thread1] Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
"code" : 13
} :
_getErrorWithCode@src/mongo/shell/utils.js:23:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:53:1
shellHelper.show@src/mongo/shell/utils.js:699:19
shellHelper@src/mongo/shell/utils.js:593:15
@(shellhelp2):1:1

use admin

switched to db admin // this statement still works

db.location.count()

2016-01-21T17:24:35.836+0800 E QUERY [thread1] Error: count failed: {
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { count: \"location\", query: {}, fields: {} }",
"code" : 13
} :
_getErrorWithCode@src/mongo/shell/utils.js:23:13
DBQuery.prototype.count@src/mongo/shell/query.js:359:11
DBCollection.prototype.count@src/mongo/shell/collection.js:1609:12
@(shell):1:1

4. Logging in with a username and password
mongo --port 10001 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"

[root@localhost bin]# mongo --port 10001 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin" 
MongoDB shell version: 3.2.0
connecting to: 127.0.0.1:10001/test

show dbs

admin 0.000GB
gwgps 0.000GB
local 0.000GB

use gwgps

switched to db gwgps

db.location.count()

7

db.location.find()

{ "_id" : ObjectId("56a0778ba88d08fdb6b30b23"), "hostid" : "3000033", "hostno" : "苏34", "loc" : { "type" : "Point", "coordinates" : [ 118.7692891, 32.06119564 ] }, "posSpeed" : NumberLong(50) }
{ "_id" : ObjectId("56a0779aa88d08fdb6b30b24"), "hostid" : "3000033", "hostno" : "苏34", "loc" : { "type" : "Point", "coordinates" : [ 118.7785248, 32.06083978 ] }, "posSpeed" : NumberLong(50) }
{ "_id" : ObjectId("56a077a3a88d08fdb6b30b25"), "hostid" : "3000033", "hostno" : "苏34", "loc" : { "type" : "Point", "coordinates" : [ 118.7929215, 32.05925674 ] }, "posSpeed" : NumberLong(50) }
{ "_id" : ObjectId("56a077aaa88d08fdb6b30b26"), "hostid" : "3000033", "hostno" : "苏34", "loc" : { "type" : "Point", "coordinates" : [ 118.7790411, 32.05290934 ] }, "posSpeed" : NumberLong(50) }
{ "_id" : ObjectId("56a077b1a88d08fdb6b30b27"), "hostid" : "3000033", "hostno" : "苏34", "loc" : { "type" : "Point", "coordinates" : [ 118.7909451, 32.0506315 ] }, "posSpeed" : NumberLong(50) }
{ "_id" : ObjectId("56a077b8a88d08fdb6b30b28"), "hostid" : "3000033", "hostno" : "苏34", "loc" : { "type" : "Point", "coordinates" : [ 118.7708792, 32.05242908 ] }, "posSpeed" : NumberLong(50) }
{ "_id" : ObjectId("56a077bea88d08fdb6b30b29"), "hostid" : "3000033", "hostno" : "苏34", "loc" : { "type" : "Point", "coordinates" : [ 118.7820485, 32.05615053 ] }, "posSpeed" : NumberLong(50) }

Now the queries work without any problem.
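
A way to check both halves of this setup (that mongod was started with --auth, and which users hold roles spanning every database), written as an added example that is not part of the original article. The function names, the gpsReader user and the sample data are assumptions; the opts object is assumed to have the shape returned by db.adminCommand({getCmdLineOpts: 1}).

```javascript
// Added example: audit helper for the setup walked through above.
// Function names and sample data are illustrative, not from the article.
// Built-in MongoDB roles that apply to every database on the server.
const BROAD_ROLES = new Set([
  "root", "readAnyDatabase", "readWriteAnyDatabase",
  "userAdminAnyDatabase", "dbAdminAnyDatabase",
]);

// opts: assumed shape of db.adminCommand({getCmdLineOpts: 1}).
// Auth can come from --auth on the command line or from a config file,
// which surfaces as parsed.security.authorization === "enabled".
function authEnabled(opts) {
  const argv = opts.argv || [];
  const sec = (opts.parsed && opts.parsed.security) || {};
  return argv.includes("--auth") || sec.authorization === "enabled";
}

// users: array of documents shaped like the admin.system.users entry above.
function auditAccessControl(opts, users) {
  const findings = [];
  if (!authEnabled(opts)) {
    findings.push("mongod started without --auth: " +
      "any client that can reach the port is unauthenticated");
  }
  for (const u of users) {
    for (const r of u.roles || []) {
      if (BROAD_ROLES.has(r.role)) {
        findings.push(`${u.db}.${u.user}: role ${r.role} covers all ` +
          "databases; prefer a role scoped to one database");
      }
    }
  }
  return findings;
}

// Constructed sample input modeled on the session in this article.
const sampleOpts = {
  argv: ["mongod", "--port", "10001", "--dbpath", "/usr/mongodbtest/sd2/data"],
};
const sampleUsers = [
  { user: "myUserAdmin", db: "admin",
    roles: [{ role: "readWriteAnyDatabase", db: "admin" }] },
  { user: "gpsReader", db: "gwgps",            // hypothetical scoped user
    roles: [{ role: "read", db: "gwgps" }] },
];
console.log(auditAccessControl(sampleOpts, sampleUsers));
```

In the mongo shell the same functions can be fed db.adminCommand({getCmdLineOpts: 1}) and db.getSiblingDB("admin").system.users.find().toArray().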
