  MongoDB 3.0.x user authorization configuration (stand-alone environment)
     
  Add Date : 2017-08-31      
         
       
         
  By default, MongoDB does not enforce access control: anyone who can connect to the open port can access the database, with root-level privileges. This is extremely unsafe in a production environment, so user authorization control must be set up.

Configuring the user authorization module on a single server:

The Community edition of MongoDB has two modules that control user access:

--auth: add the --auth option when starting mongod; once MongoDB has started, the authorization module is enabled.
PS: create a superuser before enabling the auth module. After auth is enabled you can still log in to the database from the local machine, but without CRUD permissions.
--keyFile: mainly used for mutual authorization between the members of a sharded cluster or replica set. On a stand-alone server --auth is enough; in a cluster (sharding + replica set) environment this parameter is required.
security.authorization: starting with MongoDB 2.6, the mongod / mongos startup configuration file can also be written in YAML format; this setting does the same as --auth. The operations that follow are all based on this format.
security.keyFile: same format as security.authorization, same function as --keyFile.

First, check the behaviour without the authentication module configured:

[root@fo169 bin]# ./mongo
MongoDB shell version: 3.0.7
connecting to: test
Server has startup warnings:
2015-10-29T15:12:14.257+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2015-10-29T15:12:14.257+0800 I CONTROL [initandlisten]
> show dbs
local 0.000GB

Without this configuration, anyone who logs in to the database can do anything.

Configure the authentication module and restart the service:

Write a startup configuration file, mongodb.conf (the authorization section, highlighted in red in the original, configures the auth module):

[root@fo169 bin]# cat mongodb.conf
systemLog:
   destination: file
   path: "/data/auth/log/mongod.log"
   logAppend: true
storage:
   journal:
      enabled: true
   dbPath: "/data/auth/db"
   directoryPerDB: true
   engine: wiredTiger
   wiredTiger:
      engineConfig:
         cacheSizeGB: 4
         directoryForIndexes: true
         journalCompressor: zlib
      collectionConfig:
         blockCompressor: zlib
      indexConfig:
         prefixCompression: true
net:
   port: 27017
processManagement:
   fork: true
security:
   authorization: enabled

Create an authorized user (super administrator):

From version 3.0, MongoDB has a built-in root role, which combines the privileges of four roles: readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase and clusterAdmin. It is similar to Oracle's sysdba role, but the MongoDB super administrator user name can be chosen freely:

[root@fo169 bin]# ./mongo
MongoDB shell version: 3.0.7
connecting to: test
Server has startup warnings:
2015-10-30T16:24:36.127+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2015-10-30T16:24:36.127+0800 I CONTROL [initandlisten]
> use admin
switched to db admin
> db.createUser(
... {
... user: "ljaiadmin",
... pwd: "123456",
... roles: [{role: "root", db: "admin"}]
... }
... )
Successfully added user: {
        "user": "ljaiadmin",
        "roles": [
                {
                        "role": "root",
                        "db": "admin"
                }
        ]
}

This creates the super administrator user ljaiadmin. A global user or superuser must be created in MongoDB's admin database (such a user can also be created in other databases, but then it does not have this role's capabilities). After restarting the mongod process, verify the permissions:

[root@fo169 bin]# ./mongo
MongoDB shell version: 3.0.7
connecting to: test
> show dbs    (Note: at this point the shell reports that it is not authorized to run the listDatabases command)
2015-10-30T16:41:31.131+0800 E QUERY Error: listDatabases failed: {
        "ok": 0,
        "errmsg": "not authorized on admin to execute command { listDatabases: 1.0 }",
        "code": 13
}
    at Error ()
    at Mongo.getDBs (src/mongo/shell/mongo.js:47:15)
    at shellHelper.show (src/mongo/shell/utils.js:630:33)
    at shellHelper (src/mongo/shell/utils.js:524:36)
    at (shellhelp2):1:1 at src/mongo/shell/mongo.js:47
> use admin
switched to db admin
> db.auth('ljaiadmin', '123456')    (Note: switch to the admin database and authenticate as the authorized user)
1
> show dbs    (Note: once authentication is complete, read and write operations are possible)
admin 0.000GB
local 0.000GB
test100 0.000GB
test2 0.000GB
> use test2
switched to db test2
> show tables
test
test2
> db.test2.find()
{ "_id": ObjectId("5632cf116207909a76446af7"), "name": "1" }
> db.test2.drop()
true
> db.dropDatabase()
{ "dropped": "test2", "ok": 1 }
> show dbs
admin 0.000GB
local 0.000GB
test100 0.000GB
> use test100
switched to db test100
> db.test111.insert({ "test": "test" })
WriteResult({ "nInserted": 1 })
> db.test111.find()
{ "_id": ObjectId("56332db373f771b3d95638bb"), "test": "test" }
> use admin
switched to db admin
> show users
{
        "_id": "admin.ljaiadmin",
        "user": "ljaiadmin",
        "db": "admin",
        "roles": [
                {
                        "role": "root",
                        "db": "admin"
                }
        ]
}
>

Create a regular user

As an example, create a user rwtest123 who can read and write the test123 database:

> use test123
switched to db test123
> db.createUser(
... {
... user: "rwtest123",
... pwd: "123456",
... roles: [{role: "readWrite", db: "test123"}]
... }
... )
Successfully added user: {
        "user": "rwtest123",
        "roles": [
                {
                        "role": "readWrite",
                        "db": "test123"
                }
        ]
}

# The newly created rwtest123 user can perform CRUD operations on the test123 database, but nothing else
> db.auth('rwtest123', '123456')
switched to db test123
> db.test123.insert({ "test": "test" })
WriteResult({ "nInserted": 1 })
> db.test123.find()
{ "_id": ObjectId("563332ebc8a59ae4fe96bbf5"), "test": "test" }
> db.test123.drop()
true
> use test100
switched to db test100
> db.test100.find()
Error: error: { "$err": "not authorized for query on test100.test100", "code": 13 }
>
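
The manual checks above (an unauthenticated show dbs refused with code 13, then a look at show users) can be scripted. The following is an added example, not part of the original article: the function names, the BROAD_ROLES list and the stand-in handles are hypothetical, and the functions assume a mongo-shell-style db handle and user documents shaped like the show users output.

```javascript
// Added example: not from the original article. ES5 only, so it can be
// loaded into the mongo shell as well as run under Node.js.
var BROAD_ROLES = ["root", "readAnyDatabase", "readWriteAnyDatabase",
                   "dbAdminAnyDatabase", "userAdminAnyDatabase", "clusterAdmin"];

// Call with an UNAUTHENTICATED db handle. Access control counts as enforced
// only when listDatabases is refused with code 13, the error in the article.
function accessControlEnforced(db) {
  var res;
  try {
    res = db.adminCommand({ listDatabases: 1 });
  } catch (e) { // some shells throw instead of returning { ok: 0 }
    res = { ok: 0, code: e.code };
  }
  return res.ok !== 1 && res.code === 13;
}

// Takes user documents shaped like the "show users" output and returns the
// accounts holding roles that reach beyond a single database.
function broadlyPrivilegedUsers(userDocs) {
  var flagged = [];
  userDocs.forEach(function (u) {
    var broad = (u.roles || []).filter(function (r) {
      return BROAD_ROLES.indexOf(r.role) !== -1;
    }).map(function (r) { return r.role; });
    if (broad.length > 0) {
      flagged.push({ user: u.user, db: u.db, roles: broad });
    }
  });
  return flagged;
}

// Constructed stand-ins for the db handle: server without and with auth.
var openServer = { adminCommand: function () { return { databases: [], ok: 1 }; } };
var lockedServer = { adminCommand: function () {
  return { ok: 0, errmsg: "not authorized on admin to execute command", code: 13 };
} };
// Constructed user documents for the two accounts created in the article.
var sampleUsers = [
  { user: "ljaiadmin", db: "admin", roles: [{ role: "root", db: "admin" }] },
  { user: "rwtest123", db: "test123", roles: [{ role: "readWrite", db: "test123" }] }
];
var say = typeof print === "function" ? print : console.log;
say("open server enforces auth:   " + accessControlEnforced(openServer));
say("locked server enforces auth: " + accessControlEnforced(lockedServer));
say("broad accounts: " + JSON.stringify(broadlyPrivilegedUsers(sampleUsers)));
```

In the shell, pass the shell's own db to accessControlEnforced before calling db.auth(); after authenticating, feed broadlyPrivilegedUsers the user documents of each database.
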
Configuration Reference:

MongoDB offers a fairly rich set of user permission controls: there are built-in system roles with predefined privileges, and you can also define your own roles and assign permissions according to business needs:

Description of the built-in roles (the built-in roles generally meet the needs of a production environment):

https://docs.mongodb.org/manual/core/security-built-in-roles/

Description of user-defined roles:

https://docs.mongodb.org/manual/core/security-user-defined-roles/

Description of the user management methods:

https://docs.mongodb.org/manual/reference/method/#user-management-methods
     
         
       
         
     
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.