首先說中心思想,和連接本地數據庫是一樣的,不同的是修改數據庫的配置項:
module.exports = { dbs:'mongodb://賬號:密碼@服務器ip27017/數據庫名稱' }
但是總是提示權限不足。
即在要操作的數據庫 dbs下創建用戶的讀寫權限,例如:
use dbs db.createUser({ user:'root', pwd:'root', roles:[ {role:'readWrite',db:'dbs'} ] })
每個數據庫,都要設置用戶的訪問權限,只有設置了權限,才能對數據庫進行操作!
詳見這篇文章:http://www.ttlsa.com/mongodb/mongodb-3-0-security-permissions-access-control/
mongoDB 3.0 訪問控制改了很多,需要你老老實實的去看文檔去驗證,谷歌百度出來的多半就是錯誤的。 還需要注意這個參數authenticationMechanisms。
為了兼用2.6版本,我直接指定下面的參數:
|
1
2
|
setParameter:
authenticationMechanisms: MONGODB-CR
|
下面看看如何創建訪問控制權限
不使用 —auth 參數,啟動 mongoDB
|
1
|
mongodb-linux-i686-3.0.0/bin/mongod -f mongodb-linux-i686-3.0.0/mongodb.conf
|
此時你 show dbs 會看到只有一個local數據庫,那個所謂的admin是不存在的。
mongoDB 沒有超級無敵用戶root,只有能管理用戶的用戶 userAdminAnyDatabase。
添加管理用戶
|
1
2
3
4
5
6
7
8
|
use admin
db.createUser(
{
user: "buru",
pwd: "12345678",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
|
roles 中的 db 參數是必須的,不然會報錯:Error: couldn’t add user: Missing expected field “db”。另外,有很多文章記錄的是使用 db.addUser(…) 方法,這個方法是舊版的,3.0中已經不存在,詳見:http://docs.mongodb.org/manual/reference/method/js-user-management。
切換到admin下,查看剛才創建的用戶:
|
1
2
3
4
|
show users
或
db.system.users.find()
{ "_id" : "admin.buru", "user" : "buru", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "gwVwuA/dXvxgSHavEnlyvA==", "storedKey" : "l2QEVTEujpkCuqDEKqfIWbSv4ms=", "serverKey" : "M1ofNKXg2sNCsFrBJbX4pXbSgvg=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
|
怎么關閉 mongoDB?千萬不要 kill -9 pid,可以 kill -2 pid 或 db.shutdownServer()
下面使用 —auth 參 數,重新啟動 mongoDB:
|
1
2
3
4
5
6
7
|
mongodb-linux-i686-3.0.0/bin/mongod --auth -f mongodb-linux-i686-3.0.0/mongodb.conf
mongodb-linux-i686-3.0.0/bin/mongo
use admin
db.auth("buru","12345678") #認證,返回1表示成功
或
mongodb-linux-i686-3.0.0/bin/mongo -u buru -p 12345678 --authenticationDatabase admin
|
此時 show collections 報錯
|
1
2
3
4
5
6
7
8
9
10
11
12
|
2015-03-17T10:15:56.011+0800 E QUERY Error: listCollections failed: {
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listCollections: 1.0 }",
"code" : 13
}
at Error (<anonymous>)
at DB._getCollectionInfosCommand (src/mongo/shell/db.js:643:15)
at DB.getCollectionInfos (src/mongo/shell/db.js:655:20)
at DB.getCollectionNames (src/mongo/shell/db.js:666:17)
at shellHelper.show (src/mongo/shell/utils.js:625:12)
at shellHelper (src/mongo/shell/utils.js:524:36)
at (shellhelp2):1:1 at src/mongo/shell/db.js:643
|
因為,用戶buru只有用戶管理的權限。
下面創建用戶,用戶都跟着庫走,創建的用戶都是
|
1
2
3
4
5
6
7
8
9
10
11
|
use tianhe
db.createUser(
{
user: "bao",
pwd: "12345678",
roles: [
{ role: "readWrite", db: "tianhe" },
{ role: "read", db: "tianhe2" }
]
}
)
|
查看剛剛創建的用戶。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
show users
{
"_id" : "tianhe.bao",
"user" : "bao",
"db" : "tianhe",
"roles" : [
{
"role" : "readWrite",
"db" : "tianhe"
},
{
"role" : "read",
"db" : "tianhe2"
}
]
}
|
查看整個mongoDB全部的用戶:
|
1
2
3
4
5
|
use admin
db.system.users.find()
{ "_id" : "admin.buru", "user" : "buru", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "gwVwuA/dXvxgSHavEnlyvA==", "storedKey" : "l2QEVTEujpkCuqDEKqfIWbSv4ms=", "serverKey" : "M1ofNKXg2sNCsFrBJbX4pXbSgvg=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
{ "_id" : "tianhe.bao", "user" : "bao", "db" : "tianhe", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "//xy1V1fbqEHC1gzQqZHGQ==", "storedKey" : "ZS/o54zzl/FdcXLQJ98KdAVTfF0=", "serverKey" : "iIpNYz2Gk8KhyK3zgz6muBt0PI4=" } }, "roles" : [ { "role" : "readWrite", "db" : "tianhe" }, { "role" : "read", "db" : "tianhe2" } ] }
|
創建完畢,驗證一下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
use buru
show collections
2015-03-17T10:30:06.461+0800 E QUERY Error: listCollections failed: {
"ok" : 0,
"errmsg" : "not authorized on buru to execute command { listCollections: 1.0 }",
"code" : 13
}
at Error (<anonymous>)
at DB._getCollectionInfosCommand (src/mongo/shell/db.js:643:15)
at DB.getCollectionInfos (src/mongo/shell/db.js:655:20)
at DB.getCollectionNames (src/mongo/shell/db.js:666:17)
at shellHelper.show (src/mongo/shell/utils.js:625:12)
at shellHelper (src/mongo/shell/utils.js:524:36)
at (shellhelp2):1:1 at src/mongo/shell/db.js:643
|
顯然沒權限,先auth:
|
1
2
3
4
5
6
|
db.auth("bao","12345678")
1
show collections
news
system.indexes
wahaha
|