MongoDB的身份驗證

MongoDB的身份驗證
原創 若石之上 最后發布於2018-07-13 11:48:36 閱讀數 7004 收藏
展開
1、當開啟了安全檢查之后，只有通過身份認證的用戶才能進行數據的讀寫操作
2、admin和local是兩個特殊的數據庫，它們當中的用戶可對任何數據庫進行操作
3、經認證后，管理員用戶可對任何數據庫進行讀寫操作，同時能執行只有管理員才能執行的命令
4、在開啟了安全檢查的數據庫啟動前，應至少添加一個管理員用戶
5、db.createUser()
在當前數據庫中創建一個新用戶，如果用戶已經存在了則拋出異常
db.createUser(user, writeConcern)的參數：
user文檔結構：
{
user: "<name>",
pwd: "<cleartext password>",
customData: { <any information> },
roles: [
{ role: "<role>", db: "<database>" } | "<role>",
...
],
authenticationRestrictions: [
{
clientSource: ["<IP>" | "<CIDR range>", ...]
serverAddress: ["<IP>" | "<CIDR range>", ...]
},
...
],
mechanisms: [ "<SCRAM-SHA-1|SCRAM-SHA-256>", ... ],
passwordDigestor: "<server|client>"
}

6、樣例1，創建普通用戶：
> use member
switched to db member
> db.createUser(
... {
... user: "member",
... pwd: "password",
... roles: [ "readWrite"]
... }
... );
Successfully added user: { "user" : "member", "roles" : [ "readWrite" ] }
>

7、樣例2，創建管理員用戶：
> use admin
switched to db admin
> db.createUser(
... {
... user: "root",
... pwd: "root",
... roles: ["dbAdmin"]
... }
... );
Successfully added user: { "user" : "root", "roles" : [ "dbAdmin" ] }
>

8、開啟省份驗證
在mongo.conf里面增加配置：
security:
authorization: enabled
9、登錄看看：
[mongodb]$ bin/mongo
MongoDB shell version v4.0.0
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.0
> show dbs
2018-07-13T11:38:27.119+0800 E QUERY [js] Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "command listDatabases requires authentication",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:65:1
shellHelper.show@src/mongo/shell/utils.js:865:19
shellHelper@src/mongo/shell/utils.js:755:15
@(shellhelp2):1:1
>
10、驗證登錄：
> db.auth("member","password");
1
> db.getCollectionNames()
[ ]
>