mongoDB authentication
A Xin • Published: 2019-02-10
1. At first, we start mongodb without the --auth parameter:
E:\MongoDB\bin>mongod --dbpath=E:\mongodb\db
Thu Jul 04 16:31:58.700 [initandlisten] db version v2.4.4
Thu Jul 04 16:31:58.700 [initandlisten] git version: 4ec1fb96702c9d4c57b1e06dd34eb73a16e407d2
Thu Jul 04 16:31:58.700 [initandlisten] build info: windows sys.getwindowsversion(major=6, minor=0, build=6002, platform=2, servic
e_pack='Service Pack 2') BOOST_LIB_VERSION=1_49
Thu Jul 04 16:31:58.700 [initandlisten] allocator: system
Thu Jul 04 16:31:58.700 [initandlisten] options: { dbpath: "E:\mongodb\db" }
Thu Jul 04 16:31:58.731 [initandlisten]
Thu Jul 04 16:31:58.731 [initandlisten] ** WARNING: mongod started without --replSet yet 1 documents are present in local.system.r
eplset
Thu Jul 04 16:31:58.731 [initandlisten] ** Restart with --replSet unless you are doing maintenance and no other clients a
re connected.
Thu Jul 04 16:31:58.731 [initandlisten] ** The TTL collection monitor will not start because of this.
Thu Jul 04 16:31:58.731 [initandlisten] ** For more info see http://dochub.mongodb.org/core/ttlcollections
Thu Jul 04 16:31:58.731 [initandlisten]
Thu Jul 04 16:31:58.981 [initandlisten] waiting for connections on port 27017
Thu Jul 04 16:31:58.981 [websvr] admin web console waiting for connections on port 28017
Open another DOS window and connect directly to the test database:
E:\MongoDB\bin>mongo
MongoDB shell version: 2.4.4
connecting to: test
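2. Connect to the admin database and create a user there. This user is stored in admin.system.users and has broader privileges than users defined in other databases. (While admin.system.users contains no users, even if mongod was started with --auth, any operation can still be performed without authentication until a user is added to admin.system.users.)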
> use admin
switched to db admin
> db.system.users.find()
> db.addUser("allenlei","123456")
{ "user" : "allenlei", "readOnly" : false, "pwd" : "a9eadc99bab4734b32f5bc4148d866c6", "_id" : ObjectId("51d534878704a2ac963ed790") }
> db.system.users.find()
{ "_id" : ObjectId("51d534878704a2ac963ed790"), "user" : "allenlei", "readOnly" : false, "pwd" : "a9eadc99bab4734b32f5bc4148d866c6
" }
>
3. Now that the admin database contains a user, we shut down mongodb and restart it, this time with the --auth parameter.
E:\MongoDB\bin>mongod --dbpath=E:\mongodb\db --auth
Thu Jul 04 16:44:57.393 [initandlisten] db version v2.4.4
Thu Jul 04 16:44:57.393 [initandlisten] git version: 4ec1fb96702c9d4c57b1e06dd34eb73a16e407d2
Thu Jul 04 16:44:57.409 [initandlisten] build info: windows sys.getwindowsversion(major=6, minor=0, build=6002, platform=2, servic
e_pack='Service Pack 2') BOOST_LIB_VERSION=1_49
Thu Jul 04 16:44:57.409 [initandlisten] allocator: system
Thu Jul 04 16:44:57.409 [initandlisten] options: { auth: true, dbpath: "E:\mongodb\db" }
Thu Jul 04 16:44:57.440 [initandlisten]
Thu Jul 04 16:44:57.440 [initandlisten] ** WARNING: mongod started without --replSet yet 1 documents are present in local.system.r
eplset
Thu Jul 04 16:44:57.440 [initandlisten] ** Restart with --replSet unless you are doing maintenance and no other clients a
re connected.
Thu Jul 04 16:44:57.440 [initandlisten] ** The TTL collection monitor will not start because of this.
Thu Jul 04 16:44:57.440 [initandlisten] ** For more info see http://dochub.mongodb.org/core/ttlcollections
Thu Jul 04 16:44:57.440 [initandlisten]
Thu Jul 04 16:44:57.549 [websvr] admin web console waiting for connections on port 28017
Thu Jul 04 16:44:57.549 [initandlisten] waiting for connections on port 27017
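4. Because the --auth parameter was specified, connecting to the database now requires login credentials. You can still connect to the default test database without them, but you cannot perform any operations: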
E:\MongoDB\bin>mongo
MongoDB shell version: 2.4.4
connecting to: test
> show collections
Thu Jul 04 16:53:51.752 JavaScript execution failed: error: {
"$err" : "not authorized for query on test.system.namespaces",
"code" : 16550
} at src/mongo/shell/query.js:L128
>
5. Now we connect specifying the admin database. If the account is wrong:
E:\MongoDB\bin>mongo --authenticationDatabase admin -u allenlei -p
MongoDB shell version: 2.4.4
Enter password:
connecting to: test
Thu Jul 04 16:56:55.569 JavaScript execution failed: Error: 18 { code: 18, ok: 0.0, errmsg: "auth fails" } at src/mongo/shell/db.j
s:L228
exception: login failed
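6. Strangely, even when the account is correct, my machine still shows a connection to the test database rather than admin, so I need to switch to the admin database. (root is an account created in the test database.)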
E:\MongoDB\bin>mongo --authenticationDatabase admin -u allenlei -p
MongoDB shell version: 2.4.4
Enter password:
connecting to: test
> db.system.users.find()
{ "_id" : ObjectId("51d3e1c94ef3aba14566b889"), "user" : "root", "readOnly" : false, "pwd" : "b3098ef4591719e9f75972a75883726b" }
> use admin
switched to db admin
> db.system.users.find()
{ "_id" : ObjectId("51d5378a6a7de1fde965535c"), "user" : "allenlei", "readOnly" : false, "pwd" : "a9eadc99bab4734b32f5bc4148d866c6
" }
>
> show collections
system.indexes
system.users
> use tutorial
switched to db tutorial
> show collections
newCollection_noCapped
numbers
person
personalinfo
photo.chunks
photo.files
student
student_res
system.indexes
system.users
users
>
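As you can see, after logging in through the admin database, the logged-in account can enter other databases and operate on them.
7. Now log in to the test database with the root account: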
E:\MongoDB\bin>mongo -authenticationDatabase test -u root -p
MongoDB shell version: 2.4.4
Enter password:
connecting to: test
> show collections
person
system.indexes
system.users
> db.system.users.find()
{ "_id" : ObjectId("51d53a706ce04d74431706b4"), "user" : "root", "readOnly" : false, "pwd" : "34e5772aa66b703a319641d42a47d696" }
> use tutorial
switched to db tutorial
> show collections
Thu Jul 04 17:04:51.186 JavaScript execution failed: error: {
"$err" : "not authorized for query on tutorial.system.namespaces",
"code" : 16550
} at src/mongo/shell/query.js:L128
>
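The root account belongs to the test database rather than admin, so its privileges apply only within that database; unlike allenlei, it cannot operate on the tutorial database.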
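The walkthrough above can be turned into a small audit check. The following is an added example, not code from the original post: it reads a mongod 2.4 startup log and the contents of each database's system.users collection, then reports whether authentication is actually enforced and how far each account reaches. The function names, the finding texts and the sample inputs are assumptions constructed from the output shown on this page.

```javascript
// Added example (not from the original post). Sample inputs below are
// constructed from the log lines and shell output shown on this page.
const LOG_NO_AUTH = String.raw`Thu Jul 04 16:31:58.700 [initandlisten] options: { dbpath: "E:\mongodb\db" }
Thu Jul 04 16:31:58.981 [websvr] admin web console waiting for connections on port 28017`;
const LOG_AUTH = String.raw`Thu Jul 04 16:44:57.409 [initandlisten] options: { auth: true, dbpath: "E:\mongodb\db" }
Thu Jul 04 16:44:57.549 [websvr] admin web console waiting for connections on port 28017`;
// Database name -> documents from that database's system.users collection.
const USERS = {
  admin: [{ user: "allenlei", readOnly: false }],
  test: [{ user: "root", readOnly: false }],
};

// true/false from the startup "options:" line, or null if the line is absent.
function authEnabled(logText) {
  const m = logText.match(/\[initandlisten\] options: \{(.*)\}/);
  return m ? /\bauth:\s*true\b/.test(m[1]) : null;
}

// Hypothetical helper: applies the 2.4 rules described in the post.
function audit(logText, users) {
  const findings = [];
  const auth = authEnabled(logText);
  if (auth === null) {
    findings.push("no startup options line found");
  } else if (!auth) {
    findings.push("started without --auth: any client can read and write");
  } else if ((users.admin || []).length === 0) {
    findings.push("--auth set but admin.system.users is empty: not enforced yet");
  }
  const web = logText.match(/\[websvr\] admin web console .* port (\d+)/);
  if (web) findings.push("admin web console listening on port " + web[1]);

  // Users stored in admin reach every database; others only their own.
  const accounts = [];
  for (const [db, docs] of Object.entries(users)) {
    for (const d of docs) {
      accounts.push({
        user: d.user,
        definedIn: db,
        scope: db === "admin" ? "all databases" : db + " only",
        canWrite: d.readOnly !== true,
      });
    }
  }
  return { findings, accounts };
}

console.log(JSON.stringify(audit(LOG_AUTH, USERS), null, 2));
```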