  MongoDB 3.0.x user authorization configuration (stand-alone environment)
     
  Add Date : 2017-08-31      
         
       
         
  By default MongoDB does not enforce access control: anyone who can connect to the open port can access the database, and does so with root-level privileges. This is extremely unsafe for a production environment, so user authorization control must be set up.

User authorization configuration on a single server:

The community edition of MongoDB has two modules that control user access:

--auth: add --auth to the mongod startup options; once mongod has started, the authorization module is enabled.
PS: after the auth module is enabled you can still log in to the database from the local machine, but without CRUD permissions, so a superuser should be created before the auth module is started.
--keyFile: mainly used for mutual authentication between the members of a sharded cluster or replica set. On a stand-alone server --auth is enough; in a cluster (shards + replica set) environment this parameter must be used.
security.authorization: starting with MongoDB 2.6, the mongod / mongos startup configuration file can be written in YAML format. This setting does the same as --auth, and the steps below are based on this format.
security.keyFile: same format as security.authorization, same function as --keyFile.

First verify the behavior when the authentication module is not configured:

[root@fo169 bin]# ./mongo
MongoDB shell version: 3.0.7
connecting to: test
Server has startup warnings:
2015-10-29T15:12:14.257+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2015-10-29T15:12:14.257+0800 I CONTROL [initandlisten]
> show dbs
local 0.000GB

Without the authorization configuration, anyone who logs in to the database can do anything.

Configure the authentication module and restart the service:

Write a startup configuration file, mongodb.conf (the security section of the file is the authorization configuration for the auth module):

[root@fo169 bin]# cat mongodb.conf
systemLog:
   destination: file
   path: "/data/auth/log/mongod.log"
   logAppend: true
storage:
   journal:
      enabled: true
   dbPath: "/data/auth/db"
   directoryPerDB: true
   engine: wiredTiger
   wiredTiger:
      engineConfig:
         cacheSizeGB: 4
         directoryForIndexes: true
         journalCompressor: zlib
      collectionConfig:
         blockCompressor: zlib
      indexConfig:
         prefixCompression: true
net:
   port: 27017
processManagement:
   fork: true
security:
   authorization: enabled
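
A check for the settings above, as an added example (not part of the original article): it parses a mongod YAML file and reports when security.authorization is not enabled or net.bindIp is unset. The parser handles only nested key: value mappings and the sample configs are constructed; the bindIp finding assumes a pre-3.6 mongod, which listens on all interfaces when the key is absent.

```python
# Added example: audit a mongod YAML config for access-control settings.
# Parses only nested "key: value" mappings, so no YAML library is needed.

def parse_conf(text):
    """Parse indentation-nested 'key: value' lines into nested dicts."""
    root = {}
    stack = [(-1, root)]                      # (indent, mapping) pairs
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()    # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        key = key.strip()
        while stack[-1][0] >= indent:         # climb back to the parent level
            stack.pop()
        parent = stack[-1][1]
        value = value.strip().strip('"\'')
        if value:
            parent[key] = value
        else:                                 # "key:" opens a nested section
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root

def audit(conf):
    """Return a list of findings for a parsed mongod config."""
    findings = []
    if conf.get("security", {}).get("authorization") != "enabled":
        findings.append("security.authorization is not enabled: any client "
                        "that reaches the port has full access")
    if "bindIp" not in conf.get("net", {}):
        # Assumption: mongod older than 3.6 binds all interfaces by default.
        findings.append("net.bindIp is not set: mongod listens on all "
                        "interfaces, so restrict it or firewall the port")
    return findings

# Constructed samples: the first lacks the security section, the second
# mirrors the net and security sections of the mongodb.conf shown above.
NO_AUTH = "net:\n   port: 27017\n"
WITH_AUTH = NO_AUTH + "security:\n   authorization: enabled\n"

if __name__ == "__main__":
    for name, text in (("no auth", NO_AUTH), ("with auth", WITH_AUTH)):
        print(name, audit(parse_conf(text)))
```
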
Create an authorized user (super administrator):

MongoDB 3.0 and later have a built-in root role, which combines the privileges of four roles: readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase and clusterAdmin. It is similar to Oracle's sysdba role, but the MongoDB super administrator user name can be chosen freely:

[root@fo169 bin]# ./mongo
MongoDB shell version: 3.0.7
connecting to: test
Server has startup warnings:
2015-10-30T16:24:36.127+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2015-10-30T16:24:36.127+0800 I CONTROL [initandlisten]
> use admin
switched to db admin
> db.createUser(
... {
... user: "ljaiadmin",
... pwd: "123456",
... roles: [{role: "root", db: "admin"}]
... }
... )
Successfully added user: {
        "user": "ljaiadmin",
        "roles": [
                {
                        "role": "root",
                        "db": "admin"
                }
        ]
}

This creates the super administrator user ljaiadmin. A global user or superuser must be created in MongoDB's admin database (it can also be created in other databases, but then it does not have this role's function). After restarting the mongod process, verify the permissions:

[root@fo169 bin]# ./mongo
MongoDB shell version: 3.0.7
connecting to: test
> show dbs    (Note: this now reports that the session is not authorized to run the listDatabases command)
2015-10-30T16:41:31.131+0800 E QUERY Error: listDatabases failed: {
        "ok": 0,
        "errmsg": "not authorized on admin to execute command {listDatabases: 1.0}",
        "code": 13
}
    at Error ()
    at Mongo.getDBs (src/mongo/shell/mongo.js:47:15)
    at shellHelper.show (src/mongo/shell/utils.js:630:33)
    at shellHelper (src/mongo/shell/utils.js:524:36)
    at (shellhelp2):1:1 at src/mongo/shell/mongo.js:47
> use admin
switched to db admin
> db.auth('ljaiadmin', '123456')    (Note: switch to admin and authenticate the user)
1
> show dbs    (Note: once authentication has succeeded, read and write operations are allowed)
admin 0.000GB
local 0.000GB
test100 0.000GB
test2 0.000GB
> use test2
switched to db test2
> show tables
test
test2
> db.test2.find()
{ "_id": ObjectId("5632cf116207909a76446af7"), "name": "1"}
> db.test2.drop()
true
> db.dropDatabase()
{ "dropped": "test2", "ok": 1}
> show dbs
admin 0.000GB
local 0.000GB
test100 0.000GB
> use test100
switched to db test100
> db.test111.insert({ "test": "test"})
WriteResult({ "nInserted": 1})
> db.test111.find()
{ "_id": ObjectId("56332db373f771b3d95638bb"), "test": "test"}
> use admin
switched to db admin
> show users
{
        "_id": "admin.ljaiadmin",
        "user": "ljaiadmin",
        "db": "admin",
        "roles": [
                {
                        "role": "root",
                        "db": "admin"
                }
        ]
}
>
Create a regular user

As an example, create a user rwtest123 that can read and write the test123 database:

> use test123
switched to db test123
> db.createUser(
... {
... user: "rwtest123",
... pwd: "123456",
... roles: [{role: "readWrite", db: "test123"}]
... }
... )
Successfully added user: {
        "user": "rwtest123",
        "roles": [
                {
                        "role": "readWrite",
                        "db": "test123"
                }
        ]
}

# The newly created rwtest123 user can perform CRUD operations on the test123 database, but no other operations
> db.auth('rwtest123', '123456')
switched to db test123
> db.test123.insert({ "test": "test"})
WriteResult({ "nInserted": 1})
> db.test123.find()
{ "_id": ObjectId("563332ebc8a59ae4fe96bbf5"), "test": "test"}
> db.test123.drop()
true
> use test100
switched to db test100
> db.test100.find()
Error: error: { "$err": "not authorized for query on test100.test100", "code": 13}
>
Configuration reference:

MongoDB offers fairly rich control over user permissions: the system has built-in roles with predefined permissions, and you can also define your own roles and assign permissions according to business needs:

Description of the built-in roles (the built-in roles generally meet the needs of a production environment):

https://docs.mongodb.org/manual/core/security-built-in-roles/

Description of user-defined roles:

https://docs.mongodb.org/manual/core/security-user-defined-roles/

Description of the user management methods:

https://docs.mongodb.org/manual/reference/method/#user-management-methods
     
         
       
         
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.