  MongoDB 3.0.x user authorization configuration (stand-alone environment)
     
  Add Date : 2017-08-31      
         
       
         
  By default MongoDB performs no access control: anyone who can reach the open port can connect, and does so with root-level privileges. This is extremely unsafe for a production environment, so user authorization control must be set up.

User authorization module, single-server configuration:

The community version of MongoDB has two options that control user access:

--auth: add --auth to the mongod startup options; once mongod has started, the authorization module is enabled.
PS: After the auth module is enabled you can still log in to the database from the local machine, but you no longer have CRUD permissions, so a superuser should be created before the auth module is started.
--keyFile: mainly used for mutual authorization between the members of a sharded cluster or replica set. In a stand-alone deployment auth alone is enough; in a cluster (shards + replica set) environment this parameter must be used.
security.authorization: starting with MongoDB 2.6, the mongod / mongos startup configuration file can be written in YAML format. This setting has the same function as --auth, and the operations below are all based on this format.
security.keyFile: same format as security.authorization, same function as --keyFile.
First, verify the behavior when the authentication module is not configured:

[root@fo169 bin]# ./mongo
MongoDB shell version: 3.0.7
connecting to: test
Server has startup warnings:
2015-10-29T15:12:14.257+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2015-10-29T15:12:14.257+0800 I CONTROL [initandlisten]
> show dbs
local 0.000GB
Without authorization configured, anyone who logs in to the database can do anything.

Configure the authentication module and restart the service:

Write a startup configuration file, mongodb.conf (the security section of the file is the authorization configuration for the auth module):

[root@fo169 bin]# cat mongodb.conf
systemLog:
   destination: file
   path: "/data/auth/log/mongod.log"
   logAppend: true
storage:
   journal:
      enabled: true
   dbPath: "/data/auth/db"
   directoryPerDB: true
   engine: wiredTiger
   wiredTiger:
      engineConfig:
         cacheSizeGB: 4
         directoryForIndexes: true
         journalCompressor: zlib
      collectionConfig:
         blockCompressor: zlib
      indexConfig:
         prefixCompression: true
net:
   port: 27017
processManagement:
   fork: true
security:
   authorization: enabled
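
A check for the setting above, as an added example that is not part of the original article: it parses a mongod YAML config and reports when access control is missing. The function names and sample configs are constructed for illustration, and the net.bindIp check is an addition based on MongoDB 3.0 listening on all interfaces when that key is absent.

```javascript
// Added example: audit a mongod YAML config for the access-control setting.
// parseSimpleYaml handles only nested "key: value" mappings, as in mongodb.conf.
function parseSimpleYaml(text) {
  const root = {};
  const stack = [{ indent: -1, node: root }];
  for (const raw of text.split('\n')) {
    const line = raw.replace(/\s+#.*$/, '');            // strip trailing comments
    const m = /^(\s*)([^:#\s][^:]*):\s*(.*)$/.exec(line);
    if (!m) continue;                                    // blank, comment, or not a mapping
    const indent = m[1].length;
    const key = m[2].trim();
    const value = m[3].trim().replace(/^["']|["']$/g, '');
    while (stack[stack.length - 1].indent >= indent) stack.pop();
    const parent = stack[stack.length - 1].node;
    if (value === '') {                                  // section header: descend
      parent[key] = {};
      stack.push({ indent, node: parent[key] });
    } else {
      parent[key] = value;
    }
  }
  return root;
}

function auditMongodConfig(text) {
  const conf = parseSimpleYaml(text);
  const findings = [];
  if ((conf.security || {}).authorization !== 'enabled') {
    findings.push('security.authorization is not enabled: every client has full access');
  }
  if (!(conf.net || {}).bindIp) {
    // MongoDB 3.0 listens on all interfaces when net.bindIp is absent.
    findings.push('net.bindIp is not set: mongod listens on all interfaces');
  }
  return findings;
}

// Constructed sample inputs (hypothetical files, modelled on the config above).
const withAuth = [
  'net:', '   port: 27017', '   bindIp: 127.0.0.1',
  'security:', '   authorization: enabled',
].join('\n');
const withoutAuth = ['net:', '   port: 27017'].join('\n');

console.log(auditMongodConfig(withAuth));
console.log(auditMongodConfig(withoutAuth));
```
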
Create an authorized user (super administrator):

MongoDB 3.0 and later have a built-in root role, which combines the privileges of four roles: readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase and clusterAdmin. It is similar to Oracle's sysdba role, but the MongoDB super administrator's user name can be chosen freely:

[root@fo169 bin]# ./mongo
MongoDB shell version: 3.0.7
connecting to: test
Server has startup warnings:
2015-10-30T16:24:36.127+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2015-10-30T16:24:36.127+0800 I CONTROL [initandlisten]
> use admin
switched to db admin
> db.createUser(
... {
... user: "ljaiadmin",
... pwd: "123456",
... roles: [{role: "root", db: "admin"}]
... }
... )
Successfully added user: {
        "user": "ljaiadmin",
        "roles": [
                {
                        "role": "root",
                        "db": "admin"
                }
        ]
}
This creates the super administrator user ljaiadmin. A global user or superuser must be created in MongoDB's admin database (it can also be created in other databases, but then it does not have this role's capabilities). After restarting the mongod process, verify the permissions:

[root@fo169 bin]# ./mongo
MongoDB shell version: 3.0.7
connecting to: test
> show dbs (Note: this reports that the session is not authorized to execute the listDatabases command)
2015-10-30T16:41:31.131+0800 E QUERY Error: listDatabases failed: {
        "ok": 0,
        "errmsg": "not authorized on admin to execute command {listDatabases: 1.0}",
        "code": 13
}
    at Error ()
    at Mongo.getDBs (src/mongo/shell/mongo.js:47:15)
    at shellHelper.show (src/mongo/shell/utils.js:630:33)
    at shellHelper (src/mongo/shell/utils.js:524:36)
    at (shellhelp2):1:1 at src/mongo/shell/mongo.js:47
> use admin
switched to db admin
> db.auth('ljaiadmin', '123456') (Note: switch to the admin database to authenticate the user)
1
> show dbs (Note: once authentication is complete, read and write operations are allowed)
admin 0.000GB
local 0.000GB
test100 0.000GB
test2 0.000GB
> use test2
switched to db test2
> show tables
test
test2
> db.test2.find()
{ "_id": ObjectId("5632cf116207909a76446af7"), "name": "1" }
> db.test2.drop()
true
> db.dropDatabase()
{ "dropped": "test2", "ok": 1 }
> show dbs
admin 0.000GB
local 0.000GB
test100 0.000GB
> use test100
switched to db test100
> db.test111.insert({ "test": "test" })
WriteResult({ "nInserted": 1 })
> db.test111.find()
{ "_id": ObjectId("56332db373f771b3d95638bb"), "test": "test" }
> use admin
switched to db admin
> show users
{
        "_id": "admin.ljaiadmin",
        "user": "ljaiadmin",
        "db": "admin",
        "roles": [
                {
                        "role": "root",
                        "db": "admin"
                }
        ]
}
>
Create a regular user

As an example, create a user rwtest123 that can read and write the test123 database:

> use test123
switched to db test123
> db.createUser(
... {
... user: "rwtest123",
... pwd: "123456",
... roles: [{role: "readWrite", db: "test123"}]
... }
... )
Successfully added user: {
        "user": "rwtest123",
        "roles": [
                {
                        "role": "readWrite",
                        "db": "test123"
                }
        ]
}

# The rwtest123 user can now perform CRUD operations on the test123 database, but not on other databases
> db.auth('rwtest123', '123456')
switched to db test123
> db.test123.insert({ "test": "test" })
WriteResult({ "nInserted": 1 })
> db.test123.find()
{ "_id": ObjectId("563332ebc8a59ae4fe96bbf5"), "test": "test" }
> db.test123.drop()
true
> use test100
switched to db test100
> db.test100.find()
Error: error: { "$err": "not authorized for query on test100.test100", "code": 13 }
>
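
A review of the accounts created above, as an added example that is not part of the original article: it takes user documents shaped like the "show users" output and flags broad roles held by unapproved accounts, and roles that reach into a database other than the user's own. The policy, the function name and the users report and batch are assumptions made for illustration.

```javascript
// Added example: review user documents shaped like the "show users" output.
// The review policy is an assumption of this example, not a MongoDB feature.
const BROAD_ROLES = new Set([
  'root', 'readWriteAnyDatabase', 'dbAdminAnyDatabase',
  'userAdminAnyDatabase', 'clusterAdmin',
]);

// approvedAdmins: "db.user" ids that are allowed to hold a broad role.
function auditUsers(users, approvedAdmins = []) {
  const findings = [];
  for (const u of users) {
    const id = `${u.db}.${u.user}`;
    for (const r of u.roles) {
      if (BROAD_ROLES.has(r.role)) {
        if (!approvedAdmins.includes(id)) {
          findings.push(`${id}: unapproved broad role "${r.role}"`);
        }
      } else if (r.db !== u.db) {
        findings.push(`${id}: role "${r.role}" applies to other database "${r.db}"`);
      }
    }
  }
  return findings;
}

// Constructed sample: the two users created above plus two hypothetical ones.
const users = [
  { user: 'ljaiadmin', db: 'admin', roles: [{ role: 'root', db: 'admin' }] },
  { user: 'rwtest123', db: 'test123', roles: [{ role: 'readWrite', db: 'test123' }] },
  { user: 'report', db: 'test123', roles: [{ role: 'read', db: 'test100' }] },
  { user: 'batch', db: 'admin', roles: [{ role: 'readWriteAnyDatabase', db: 'admin' }] },
];

console.log(auditUsers(users, ['admin.ljaiadmin']));
```
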
Configuration Reference:

MongoDB offers many user permission controls: there are built-in roles with predefined privileges, and you can also define your own roles, assigning permissions according to business needs:

Built-in role descriptions (the built-in roles are generally enough to meet the needs of a production environment):

https://docs.mongodb.org/manual/core/security-built-in-roles/

User-defined role descriptions:

https://docs.mongodb.org/manual/core/security-user-defined-roles/

User management methods:

https://docs.mongodb.org/manual/reference/method/#user-management-methods
     
         
       
         