  MongoDB 3.0.x user authorization configuration (stand-alone environment)
     
  Add Date : 2017-08-31      
         
       
         
  By default MongoDB performs no access control: anyone who can reach the open port can connect, and has root-level privileges. For a production environment this is extremely unsafe, so user authorization control must be set up.

User authorization module, single-server configuration:

The Community edition of MongoDB has two modules that can control user access:

--auth: start mongod with the --auth option; once mongodb has started, the authorization module is enabled.
PS: With the auth module enabled you can still log in to the database from the local machine, but you have no CRUD permissions, so you should create a superuser before starting the auth module.
--keyFile: mainly used for mutual authorization between the members of sharded clusters and replica sets. In a stand-alone setup --auth is enough; in a cluster (shards + replica set) environment this parameter must be used.
security.authorization: starting with MongoDB 2.6, the mongod / mongos startup configuration file can be written in YAML format; this setting does the same as --auth. The operations below are all based on this format.
security.keyFile: same format as security.authorization, same function as --keyFile.

First, verify the behavior without the authentication module configured:

[root@fo169 bin]# ./mongo
MongoDB shell version: 3.0.7
connecting to: test
Server has startup warnings:
2015-10-29T15:12:14.257+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2015-10-29T15:12:14.257+0800 I CONTROL [initandlisten]
> show dbs
local 0.000GB

Without this configuration, anyone who logs into the database can do anything.

Configure the authentication module and restart the service:

Write a startup configuration file, mongodb.conf (the authorization section, marked in red in the original, is the auth module configuration):

[root@fo169 bin]# cat mongodb.conf
systemLog:
   destination: file
   path: "/data/auth/log/mongod.log"
   logAppend: true
storage:
   journal:
      enabled: true
   dbPath: "/data/auth/db"
   directoryPerDB: true
   engine: wiredTiger
   wiredTiger:
      engineConfig:
         cacheSizeGB: 4
         directoryForIndexes: true
         journalCompressor: zlib
      collectionConfig:
         blockCompressor: zlib
      indexConfig:
         prefixCompression: true
net:
   port: 27017
processManagement:
   fork: true
security:
   authorization: enabled
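
A quick way to check a mongod configuration file for the two security settings described above. This is an added example, not part of the original article; the function names, the `clustered` option and the two sample inputs are assumptions made for illustration, and the parser covers only the nested key/value subset of YAML that mongodb.conf uses here.

```javascript
// Added example, not from the original article. parseSimpleYaml handles only
// the nested "key: value" subset used by mongodb.conf on this page.
function parseSimpleYaml(text) {
  const root = {};
  const stack = [{ indent: -1, node: root }];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/\s+#.*$/, "");   // strip trailing comments
    if (!line.trim() || line.trim().startsWith("#")) continue;
    const indent = line.length - line.trimStart().length;
    const m = /^([^:]+):\s*(.*)$/.exec(line.trim());
    if (!m) throw new Error("unsupported line: " + raw);
    while (stack[stack.length - 1].indent >= indent) stack.pop();
    const parent = stack[stack.length - 1].node;
    const value = m[2].replace(/^["']|["']$/g, "");
    if (value === "") {                         // "key:" opens a nested section
      parent[m[1].trim()] = {};
      stack.push({ indent, node: parent[m[1].trim()] });
    } else {
      parent[m[1].trim()] = value;
    }
  }
  return root;
}

// clustered: true when the mongod is part of a replica set or sharded cluster.
function auditMongodConfig(text, { clustered = false } = {}) {
  const sec = parseSimpleYaml(text).security || {};
  const findings = [];
  // keyFile implies authorization in MongoDB, so either setting turns auth on.
  if (sec.authorization !== "enabled" && !sec.keyFile) {
    findings.push("security.authorization not enabled: anyone reaching the port has full access");
  }
  if (clustered && !sec.keyFile) {
    findings.push("security.keyFile missing: needed between cluster members");
  }
  return findings;
}

// Constructed inputs: a config without a security section, and the same
// config with the security section from the file shown above.
const WEAK = "net:\n   port: 27017\nprocessManagement:\n   fork: true\n";
const HARDENED = WEAK + "security:\n   authorization: enabled\n";

console.log(auditMongodConfig(WEAK));      // one finding
console.log(auditMongodConfig(HARDENED));  // no findings
```
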
Create an authorized user (super administrator):

MongoDB 3.0 and later have a built-in root role, which combines the privileges of four roles: readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase and clusterAdmin. It is similar to Oracle's sysdba role, but the MongoDB super administrator user name can be chosen arbitrarily:

[root@fo169 bin]# ./mongo
MongoDB shell version: 3.0.7
connecting to: test
Server has startup warnings:
2015-10-30T16:24:36.127+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2015-10-30T16:24:36.127+0800 I CONTROL [initandlisten]
> use admin
switched to db admin
> db.createUser(
... {
... user: "ljaiadmin",
... pwd: "123456",
... roles: [{role: "root", db: "admin"}]
... }
... )
Successfully added user: {
        "user": "ljaiadmin",
        "roles": [
                {
                        "role": "root",
                        "db": "admin"
                }
        ]
}
This creates the ljaiadmin super administrator user. A global user or superuser must be created in MongoDB's admin database (a user can also be created in other databases, but it will not have this role). After restarting the mongod process, verify the permissions:

[root@fo169 bin]# ./mongo
MongoDB shell version: 3.0.7
connecting to: test
> show dbs (Note: this fails, reporting that the session is not authorized to execute the listDatabases command)
2015-10-30T16:41:31.131+0800 E QUERY Error: listDatabases failed: {
        "ok": 0,
        "errmsg": "not authorized on admin to execute command {listDatabases: 1.0}",
        "code": 13
}
    at Error ()
    at Mongo.getDBs (src/mongo/shell/mongo.js:47:15)
    at shellHelper.show (src/mongo/shell/utils.js:630:33)
    at shellHelper (src/mongo/shell/utils.js:524:36)
    at (shellhelp2):1:1 at src/mongo/shell/mongo.js:47
> use admin
switched to db admin
> db.auth('ljaiadmin', '123456') (Note: switch to the admin database and authenticate as the user)
1
> show dbs (Note: once authentication has succeeded, read and write operations are allowed)
admin 0.000GB
local 0.000GB
test100 0.000GB
test2 0.000GB
> use test2
switched to db test2
> show tables
test
test2
> db.test2.find()
{ "_id": ObjectId("5632cf116207909a76446af7"), "name": "1"}
> db.test2.drop()
true
> db.dropDatabase()
{ "dropped": "test2", "ok": 1}
> show dbs
admin 0.000GB
local 0.000GB
test100 0.000GB
> use test100
switched to db test100
> db.test111.insert({ "test": "test"})
WriteResult({ "nInserted": 1})
> db.test111.find()
{ "_id": ObjectId("56332db373f771b3d95638bb"), "test": "test"}
> use admin
switched to db admin
> show users
{
        "_id": "admin.ljaiadmin",
        "user": "ljaiadmin",
        "db": "admin",
        "roles": [
                {
                        "role": "root",
                        "db": "admin"
                }
        ]
}
>
Create a regular user

Taking the user rwtest123, which can read and write the test123 database, as an example:

> use test123
switched to db test123
> db.createUser(
... {
... user: "rwtest123",
... pwd: "123456",
... roles: [{role: "readWrite", db: "test123"}]
... }
... )
Successfully added user: {
        "user": "rwtest123",
        "roles": [
                {
                        "role": "readWrite",
                        "db": "test123"
                }
        ]
}

# The rwtest123 user just created can perform CRUD operations on the test123 database, but no other operations
> db.auth('rwtest123', '123456')
switched to db test123
> db.test123.insert({ "test": "test"})
WriteResult({ "nInserted": 1})
> db.test123.find()
{ "_id": ObjectId("563332ebc8a59ae4fe96bbf5"), "test": "test"}
> db.test123.drop()
true
> use test100
switched to db test100
> db.test100.find()
Error: error: { "$err": "not authorized for query on test100.test100", "code": 13}
>
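
Once both a superuser and regular users exist, it is worth reviewing which accounts hold the root role or one of the four roles it combines. The following is an added example, not part of the original article: it takes user documents in the shape that `show users` prints above and lists grants that reach beyond the account's own database. The function names, the `allowedAdmins` list and the `app1` account are hypothetical.

```javascript
// Added example, not from the original article.
// The four roles that the built-in root role combines, as listed above.
const ROOT_PARTS = ["readWriteAnyDatabase", "dbAdminAnyDatabase",
                    "userAdminAnyDatabase", "clusterAdmin"];

// Expand "root" into its component roles so every broad grant is visible.
function effectiveRoles(user) {
  return user.roles.flatMap((r) =>
    r.role === "root" ? ROOT_PARTS.map((role) => ({ role, db: r.db })) : [r]);
}

// allowedAdmins: account ids ("<db>.<user>") permitted to hold broad roles.
function reviewUsers(users, allowedAdmins) {
  const findings = [];
  for (const u of users) {
    const id = `${u.db}.${u.user}`;
    const broad = effectiveRoles(u).filter((r) => ROOT_PARTS.includes(r.role));
    if (broad.length && !allowedAdmins.includes(id)) {
      findings.push({ id, issue: "broad role", roles: broad.map((r) => r.role) });
    }
    // A role defined on a database other than the one the user was created in.
    const foreign = u.roles.filter((r) => r.db !== u.db);
    if (foreign.length) {
      findings.push({ id, issue: "role on another database",
                      roles: foreign.map((r) => `${r.role}@${r.db}`) });
    }
  }
  return findings;
}

// Constructed sample: the two users created on this page plus a
// hypothetical over-privileged application account (app1).
const SAMPLE_USERS = [
  { user: "ljaiadmin", db: "admin", roles: [{ role: "root", db: "admin" }] },
  { user: "rwtest123", db: "test123",
    roles: [{ role: "readWrite", db: "test123" }] },
  { user: "app1", db: "test123",
    roles: [{ role: "readWrite", db: "test123" },
            { role: "dbAdminAnyDatabase", db: "admin" }] },
];

console.log(reviewUsers(SAMPLE_USERS, ["admin.ljaiadmin"]));
```

Only app1 is reported: ljaiadmin is on the allow-list and rwtest123 holds nothing outside test123.
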
Configuration Reference:

MongoDB offers many user permission controls: there are built-in system roles with predefined privileges, and you can also define your own roles and assign permissions according to business needs:

Description of the built-in roles (the built-in roles basically meet the needs of a production environment):

https://docs.mongodb.org/manual/core/security-built-in-roles/

Description of user-defined roles:

https://docs.mongodb.org/manual/core/security-user-defined-roles/

Description of the user management methods:

https://docs.mongodb.org/manual/reference/method/#user-management-methods
     
         
       
         