MongoDB opens user password access (5)

MongoDB opens user password access (5)

1. Enable access authentication

1. Mongdb does not enable security access verification when it starts by default. You need to add the --auth parameter when starting the service to start security verification.

2. Enable access authentication:

1. Start the mongodb service through the command - turn on authentication

[html]  view plain copy  

1. ./mongod --dbpath=/usr/local/mongodb/data --logpath=/usr/local/mongodb/logs --logappend  --port=27017 --fork --auth  

--fork specifies to run in the background

--auth turns on authentication

--dbpath specifies the database directory

--logpath specifies the log file

--logappend log cumulative addition

2. Start the mongodb service through the configuration file - turn on authentication

Add the auth=true configuration to the configuration file to enable security authentication.

Just start the service.

2. Create a mongoDB user

After enabling authentication, you need to provide a username and password when connecting to mongodb.

There are two types of mongodb users, one is an administrator and the other is an ordinary user.

Administrators manage common users, common users manage database data, so we need to create administrators first

1. To create an administrator, it must be created under the admin database. First, close the authentication.

2. Select admin

3. Create a user and password for the administrator

The following db must be admin

db.createUser({user:'admin',pwd:'admin',roles:[{role:'userAdminAnyDatabase',db:'admin'}]})

mongodb role type

• Database User Roles:

1. read: Grant User permission to read only data
2. readWrite: Grant User permission to read and write data

• Database Administration Roles:

1. dbAdmin: perform administrative operations in the current dB
2. dbOwner: perform arbitrary operations in the current DB
3. userAdmin: Manage User in the current DB

• Backup and Restoration Roles:

1. backup
2. restore

• Cross-database roles (All-Database Roles):

1. readAnyDatabase: Grants permission to read data on all databases
2. readWriteAnyDatabase: Grants permission to read and write data on all databases
3. userAdminAnyDatabase: Grants permission to manage User on all databases
4. dbAdminAnyDatabase: Grants permission to manage all databases

• Cluster Administration Roles:

1. clusterAdmin: Grants the highest authority to manage the cluster
2. clusterManager: Grants permission to manage and monitor the cluster, A user with this role can access the config and local databases, which are used in sharding and replication, respectively.
3. clusterMonitor: Grants the permission to monitor the cluster, and has readonly permission to the monitoring tool
4. hostManager: Management Server

4. Create a common user

db is the database to be operated

use shop  
db.createUser({user:'dev',pwd:'123456',roles:[{role:'dbOwner',db:'shop'}]})   

3. Turn on the authentication

1. Log in. In the mongo client interface, first switch to admin, and enter the user name and password to log in.

2. View system user information

3. Modify user password

db.changeUserPassword(username, password)

①, modify the user password, first log in with the administrator.

②, switch to the database managed by the user to be modified. For example, the shopuser user manages the shop database. First switch to the shop database.

③, and then modify the login password of the shopuser user

4. Delete user

①, delete the user, first log in with the administrator.

②, switch to the database managed by the user to be deleted. For example, the shopuser user manages the shop database. First switch to the shop database.

③, then delete the shopuser user