mongodb 添加用戶和驗證

####mongodb版本 $ mongod --version
db version v3.0.7 git version: nogitversion

####添加admin用戶

use admin

switched to db admin

db.createUser({user:'admin',pwd:'password123',roles:[{role:'root',db:'admin'}]})

Successfully added user: {
	"user" : "admin",
	"roles" : [
		{
			"role" : "root",
			"db" : "admin"
		}
	]
}

####啓用auth

systemLog:
  destination: file
  path: /usr/local/var/log/mongodb/mongo.log
  logAppend: true
storage:
  dbPath: /usr/local/var/mongodb
net:
  bindIp: 127.0.0.1
#添加以下行
security:
  authorization: enabled

####從新啓動mongodb $ mongod -f /usr/local/etc/mongod.conf

####使用admin用戶登陸 > use admin

switched to db admin

> db.auth({user:'admin',pwd:'password123'})

1

> use db1

switched to db db1

> db.table1.find()

{ "_id" : ObjectId("57010327d2aad932b6e8d843"), "name" : "gongjun1", "age" : 26 }
{ "_id" : ObjectId("57010785d2aad932b6e8d845"), "name" : "hello", "age" : 123 }
{ "_id" : ObjectId("5701078cd2aad932b6e8d846"), "name" : "world", "age" : 12 }
{ "_id" : ObjectId("57010796d2aad932b6e8d847"), "name" : "jia", "age" : 45 }
{ "_id" : ObjectId("5701079fd2aad932b6e8d848"), "name" : "yi", "age" : 32 }
{ "_id" : ObjectId("570107d4d2aad932b6e8d849"), "name" : "jia", "age" : 45 }
{ "_id" : ObjectId("57010b3ed2aad932b6e8d84a"), "name" : "jia", "age" : "65" }

####新建readonly用戶 使用read-user用戶登陸發現只能對db1的執行查詢操做

db.createUser({user:'read-user',pwd:'123456',roles:[{role:'read',db:'db1'}]}) Successfully added user: { "user" : "read-user", "roles" : [ { "role" : "read", "db" : "db1" } ] }

> db.auth({user:'read-user',pwd:'123456'})

1

> show dbs

2016-04-04T11:22:56.549+0800 E QUERY    Error: listDatabases failed:{
	"ok" : 0,
	"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
	"code" : 13
}
    at Error (<anonymous>)
    at Mongo.getDBs (src/mongo/shell/mongo.js:47:15)
    at shellHelper.show (src/mongo/shell/utils.js:630:33)
    at shellHelper (src/mongo/shell/utils.js:524:36)
    at (shellhelp2):1:1 at src/mongo/shell/mongo.js:47

> use db1

switched to db db1

> show tables

system.indexes
table1

> db.table1.find()

{ "_id" : ObjectId("57010327d2aad932b6e8d843"), "name" : "gongjun1", "age" : 26 }
{ "_id" : ObjectId("57010785d2aad932b6e8d845"), "name" : "hello", "age" : 123 }
{ "_id" : ObjectId("5701078cd2aad932b6e8d846"), "name" : "world", "age" : 12 }
{ "_id" : ObjectId("57010796d2aad932b6e8d847"), "name" : "jia", "age" : 45 }
{ "_id" : ObjectId("5701079fd2aad932b6e8d848"), "name" : "yi", "age" : 32 }
{ "_id" : ObjectId("570107d4d2aad932b6e8d849"), "name" : "jia", "age" : 45 }
{ "_id" : ObjectId("57010b3ed2aad932b6e8d84a"), "name" : "jia", "age" : "65" }

> db.table1.insert({"name" : "yi", "age" : 32 }) #執行插入報錯

WriteResult({
	"writeError" : {
		"code" : 13,
		"errmsg" : "not authorized on db1 to execute command { insert: \"table1\", documents: [ { _id: ObjectId('5701df5736ebd2a019bfb3f2'), name: \"yi\", age: 32.0 } ], ordered: true }"
	}
})

> use local

switched to db local

> db.startup_log.find() #在local庫中查詢報錯

Error: error: { "$err" : "not authorized for query on local.startup_log", "code" : 13 }