資料庫的權限有四種
- readAnyDatabase 任何資料庫的唯讀權限
- userAdminAnyDatabase 任何資料庫的讀寫權限
- userAdminAnyDatabase 任何資料庫用戶的管理權限
- dbAdminAnyDatabase 任何資料庫的管理權限
以往在啟動 mongodb 時,就直接指定 mongod.conf
mongod -f $MONGODB_HOME/conf/mongod.conf這時候可用 mongo client 連接資料庫
./mongo查看有沒有 users
db.system.users.find()查看 user
show users建立 admin 資料庫的管理者帳號
use admin
db.createUser({
user : "root",
pwd : "password",
roles : [
"clusterAdmin",
"dbAdminAnyDatabase",
"userAdminAnyDatabase",
"readWriteAnyDatabase"
]
})重新啟動 mognodb (加上 --auth 參數)
mongod --auth -f $MONGODB_HOME/conf/mongod.conf再次查看 users
> use admin
> db.system.users.find()
Error: error: {
"ok" : 0,
"errmsg" : "command find requires authentication",
"code" : 13,
"codeName" : "Unauthorized"
}
> show users
2020-09-02T11:36:48.994+0800 E QUERY [js] Error: command usersInfo requires authentication :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.getUsers@src/mongo/shell/db.js:1763:1
shellHelper.show@src/mongo/shell/utils.js:859:9
shellHelper@src/mongo/shell/utils.js:766:15
@(shellhelp2):1:1驗證後,就可以查看 users
> use admin
switched to db admin
> db.auth("root", "password")
1
> show users
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"roles" : [
{
"role" : "clusterAdmin",
"db" : "admin"
},
{
"role" : "dbAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "readWriteAnyDatabase",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}針對資料庫,建立管理者
use admin
db.createUser({
user : "maxkit",
pwd : "password",
roles : [
{role:"readWrite", db:"larzio"}
]
})針對資料庫,建立一般使用者
use larzio
db.createUser({
user : "maxkit",
pwd : "max168kit",
roles : [
{role:"readWrite", db:"larzio"}
]
})刪除帳號
use admin
db.dropUser("maxkit")關閉 mognodb
mongo 127.0.0.1:27017 -u root -p 'password' --authenticationDatabase 'admin' --eval "db.getSiblingDB('admin').shutdownServer()"
沒有留言:
張貼留言