【MongoDB】开启认证权限

 

1.

mongodb.conf :

添加

auth=true

2.

 

 use admin (3.0+ 使用 createUser ;<3.0版本  http://www.cnblogs.com/guizi/archive/2012/11/20/2779500.html)

db.createUser({  user: "root",  pwd: "123456",  roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]  }  )  

> db.createUser({  user: "root",  pwd: "123456",  roles: [ { role: "userAdminAny
Database", db: "admin" } ]  }  )
Successfully added user: {
        "user" : "root",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                }
        ]
}

not authorized on test to execute command-MongoDB的权限配置

直接报Command '$eval' failed: not authorized on这个错误,可以确认是权限的问题

解决方案:
在官网  http://docs.mongodb.org/manual/reference/command/eval/#dbcmd.eval 有一段描述:

If authorization is enabled, you must have access to all actions on all resources in order to run eval. Providing such access is not recommended, but if your organization requires a user to run eval, create a role that grants anyAction on anyResource. Do not assign this role to any other user.

解决步骤:

1)不带--auth参数启动数据库,所以不需要帐号即可连上MongoDB。

2)新建一个角色,比如叫 sysadmin,需要先切换到admin库进行如下操作:

[C#] 纯文本查看 复制代码
 
> use admin
switched to db admin
> db.createRole({role:'sysadmin',roles:[],
privileges:[
{resource:{anyResource:true},actions:['anyAction']}
]})


3)然后,新建一个用户,使用这个角色,注意,这个角色的db是admin,操作如下:
[C#] 纯文本查看 复制代码
 
> use woplus
switched to db woplus
> db.createUser({
user:'sa',
pwd:'sufeinet.com',
roles:[
{role:'sysadmin',db:'admin'}
]})


好了现在重启启动数据库带上
--auth
就可以正常执行了

 

 

 

 

3.登陆

>  db.auth("admin","admin")
Error: 18 Authentication failed.
0
> user admin
2015-07-28T16:44:43.034+0800 E QUERY    SyntaxError: Unexpected identifier


--这样操作成功了
> use admin
switched to db admin
> db.auth("root","123456")
1
--登陆失败

> db.auth("root","111")
2015-07-28T16:52:51.352+0800 I NETWORK Socket recv() errno:10053 An established
connection was aborted by the software in your host machine. 127.0.0.1:27017
2015-07-28T16:52:51.367+0800 I NETWORK SocketException: remote: 127.0.0.1:27017
error: 9001 socket exception [RECV_ERROR] server [127.0.0.1:27017]
2015-07-28T16:52:51.367+0800 I NETWORK DBClientCursor::init call() failed
Error: error doing query: failed
0
2015-07-28T16:52:51.371+0800 I NETWORK trying reconnect to 127.0.0.1:27017 (127
.0.0.1) failed
2015-07-28T16:52:51.373+0800 I NETWORK reconnect 127.0.0.1:27017 (127.0.0.1) ok

 

 

不知道是不是这个原因,开启 auth后 MongoVUE不能连接。

MongoVUE 是个比较好用的MongoDB客户端,不过免费版在15天过后,不能使用gridfs,Server Monitoring等功能。

 

关于安全性操作还需要继续研究

 

posted on 2015-07-28 17:58  viewcozy  阅读(1573)  评论(0编辑  收藏  举报