最近遇到关于mongodb 3.0.x权限设置的问题,做了一下总结:
- 第一给mongodb 3.0.x 添加user
第一步修改配置文件:
xxx@xxx:~$ sudo gedit /etc/mongod.conf
将下面
security:
authorization: enabled
改为
#security
保存退出
xxx@xxx:~$ ps -ef | grep mongodb
xxx@xxx:~$ sudo kill xxxx
xxx@xxx:~$ sudo service mongod start
xxx@xxx:~$ mongo
MongoDB shell version: 3.0.7
connecting to: test
Server has startup warnings:
2015-10-27T17:01:07.973+0800 I CONTROL [initandlisten]
2015-10-27T17:01:07.973+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2015-10-27T17:01:07.973+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2015-10-27T17:01:07.973+0800 I CONTROL [initandlisten]
2015-10-27T17:01:07.973+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2015-10-27T17:01:07.973+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2015-10-27T17:01:07.973+0800 I CONTROL [initandlisten]
> show dbs
admin 0.078GB
local 0.078GB
> use admin
switched to db admin
> db.createUser(
... {
... user:"admin",
... pwd:"admin",
... roles:[{role:"userAdminAnyDatabase",db:"admin"},{role:"readWriteAnyDatabase",db:"admin"}]
... }
... )
Successfully added user: {
"user" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "readWriteAnyDatabase",
"db" : "admin"
}
]
}
> db.system.users.find()
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "bUhMAodI9w6OPDt9GL5Auw==", "storedKey" : "jBhWrBoYjwz86PqlCUTMkSh3h2A=", "serverKey" : "DMq1OYN45RfPjWIi4jFKNW6BJ6k=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ] }
> exit
bye
接下来在配置文件中恢复认证
xxx@xxx:~$ sudo gedit /etc/mongod.conf
改#security:为
security:
authorization: enabled
保存退出
接下来
xxx@xxx:~$ ps -ef | grep mongodb
xxx@xxx:~$ sudo kill xxxx
xxx@xxx:~$ sudo service mongod start
然后在mongo shell操作(注意1.该方式添加的用户不能用Robomongo 0.8.5连接,具体原因在下面;注意2.既然认证了就要先db.auth('xxx','xxx')返回1后再进行其他操作)如下操作
xxx@xxx:~$ mongo
MongoDB shell version: 3.0.7
connecting to: test
> use admin
switched to db admin
> db.auth('admin','admin')
1
>show dbs
admin 0.078GB
local 0.078GB
- 第二用Robomongo 0.8.5连接mongodb 3.0.x
应该有很多同学用第一种方式设置好用户后,用Robomongo 0.8.5连接mongodb 3.0.x会发现怎么都连接不上,
为什么呢?
咱先看下日志文件会发现有这么一句
2015-10-27T09:28:47.588+0800 I ACCESS [conn5] Failed to authenticate admin@admin with mechanism MONGODB-CR: AuthenticationFailed UserNotFound Could not find user admin@admin
原来,在mongodb 2.x采用的默认认证机制是MONGODB-CR
而在mongodb官网说明中mongodb 3.0.x采用的认证机制是SCRAM-SHA-1
而Robomongo 0.8.5的认证机制并没有升级(个人推测,也有可能可以在Robomongo哪个配置文件可以设置一下也不一定)
下面就是如何操作:
第一步修改配置文件:
xxx@xxx:~$ sudo gedit /etc/mongod.conf
将下面
security:
authorization: enabled
改为
#security
保存退出
xxx@xxx:~$ ps -ef | grep mongodb
xxx@xxx:~$ sudo kill xxxx
xxx@xxx:~$ sudo service mongod start
xxx@xxx:~$ mongo
MongoDB shell version: 3.0.7
connecting to: test
2015-10-27T18:10:13.137+0800 I CONTROL [initandlisten]
2015-10-27T18:10:13.138+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2015-10-27T18:10:13.138+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2015-10-27T18:10:13.138+0800 I CONTROL [initandlisten]
2015-10-27T18:10:13.138+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2015-10-27T18:10:13.138+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2015-10-27T18:10:13.138+0800 I CONTROL [initandlisten]
> show dbs
admin 0.078GB
local 0.078GB
> use admin
switched to db admin
> show collections
system.indexes
system.users
system.version
> db.system.version.find()
{ "_id" : "authSchema", "currentVersion" : 5 }
从上面可以看到"currentVersion" : 5
currentVersion为5则表示当前数据库的认证机制是SCRAM-SHA-1
而在mongodb 2.x中采用的默认认证机制是MONGODB-CR
所以想要在3.x版本中使用Robomongo 0.85中使用用户名密码连接数据库则可以将mongodb的数据库认证机制(当前为SCRAM-SHA-1)改为MONGODB-CR
那如何改呢?请看下面操作:
> var schema=db.system.version.findOne({"_id" : "authSchema"})
> schema.currentVersion=3
3
> db.system.version.save(schema)
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })
> db.system.version.find()
{ "_id" : "authSchema", "currentVersion" : 3 }
在这表示已经修改成功了。
下面创建用户(注意,若之前已经创建过用户的则要将用户删除,因为之前创建的用户采用的认证机制是SCRAM-SHA-1)
本人因为之前创建过,所以先drop掉用户
> use admin
switched to db admin
> db.dropUser('admin')
true
> db.createUser(
... {
... user:"admin",
... pwd:"admin",
... roles:[{role:"userAdminAnyDatabase",db:"admin"},{role:"readWriteAnyDatabase",db:"admin"}]
... }
... )
Successfully added user: {
"user" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "readWriteAnyDatabase",
"db" : "admin"
}
]
}
> db.system.users.find()
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : "7c67ef13bbd4cae106d959320af3f704" }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ] }
> eixt
bye
接下来在配置文件中恢复认证
xxx@xxx:~$ sudo gedit /etc/mongod.conf
改#security:为
security:
authorization: enabled
保存退出
接下来
xxx@xxx:~$ ps -ef | grep mongodb
xxx@xxx:~$ sudo kill xxxx
xxx@xxx:~$ sudo service mongod start
然后在mongo shell操作
(注意1.该方式添加的用户不能用Robomongo 0.8.5连接,具体原因在下面;注意2.既然认证了就要先db.auth('xxx','xxx')返回1后再进行其他操作)如下操作
xxx@xxx:~$ mongo
MongoDB shell version: 3.0.7
connecting to: test
> use admin
switched to db admin
> db.auth('admin','admin')
1
>show dbs
admin 0.078GB
local 0.078GB
- 有个题外话:
有些同学会发现怎么我的数据库怎么没有/etc下没有mongod.conf文件,那怎么操作
没有mongod.conf配置文件,数据库其实加载的配置应该是内置的(本人理解)
此时如果不显示指定配置文件启动数据库的话,可能不好添加权限认证,因为mongodb默认情况下就是不认证的,
那如何操作呢?
xxx@xxx:~/mongodb/mongodb/bin$ ./mongod –config /home/zyb/mongodb/mongodb.conf &
上述操作即可指定配置文件启动数据库(上面路径是本人数据库存放的路径)
其他设置权限的操作和上面一样。