MongoDB permission management 02
Next: how do we enable password login through the MongoDB configuration file?
Previously we started mongod directly with this command, passing --auth on the command line:
[root@prd3-mysql-0-36 ~]# mongod -f /ivargo/app/mongodb/conf/mongo.conf --auth
Our original configuration file:
[root@prd3-mysql-0-36 ~]# cat /ivargo/app/mongodb/conf/mongo.conf
security:
  authorization: disabled   # just change disabled to enabled
That change is all that is needed; our test results are below.
In the configuration file above, change authorization: disabled to authorization: enabled,
then restart MongoDB.
[root@prd3-mysql-0-36 ~]# mongo
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
> show dbs;
2019-05-21T14:28:35.425+0800 E QUERY [js] Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "command listDatabases requires authentication",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:67:1
shellHelper.show@src/mongo/shell/utils.js:876:19
shellHelper@src/mongo/shell/utils.js:766:15
@(shellhelp2):1:1
> use admin
switched to db admin
> db.uWarning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus
db.u
admin.u
>
>
>
> use admin
switched to db admin
> db.auWarning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus
db.auth('vargo','vargo123')
1
> show dbs;
admin 0.000GB
config 0.000GB
dbabd 0.000GB
local 0.000GB
> exit
bye
[root@prd3-mysql-0-36 ~]# mongo
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
> use admin
switched to db admin
> db.auWarning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus
db.auth('majihui','majihui123')
1
> show dbs
dbabd 0.000GB
> exit
bye
Summary of the combined exercise:
Step 2: with authentication still disabled, create the highest-privilege user user_admin with password xxx
We create a superuser:
use admin
db.createUser(
{
user: "user_admin",
pwd: "xxx",
roles: [{ role: "root", db: "admin" }]
}
)
With authentication still disabled, the actual session looks like this:
[root@localhost data]# mongo -p 27017
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.10
Server has startup warnings:
2019-05-28T21:03:52.718+0800 I CONTROL [main] ** WARNING: --rest is specified without --httpinterface,
2019-05-28T21:03:52.719+0800 I CONTROL [main] ** enabling http interface
2019-05-28T21:03:53.380+0800 I STORAGE [initandlisten]
2019-05-28T21:03:53.380+0800 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2019-05-28T21:03:53.380+0800 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem
2019-05-28T21:08:17.070+0800 I CONTROL [initandlisten]
2019-05-28T21:08:17.071+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2019-05-28T21:08:17.071+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2019-05-28T21:08:17.072+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2019-05-28T21:08:17.072+0800 I CONTROL [initandlisten]
> use admin
switched to db admin
> db.createUser(
... {
... user: "user_admin",
... pwd: "xxx",
... roles: [{ role: "root", db: "admin" }]
... }
... )
Successfully added user: {
"user" : "user_admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> show users;
{
"_id" : "admin.user_admin",
"user" : "user_admin",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
// We log in to test it; the login succeeds
> use admin
switched to db admin
> db.auth('user_admin','xxx')
1
> show dbs
BlockchainTransaction 0.000GB
admin 0.000GB
analysis 0.005GB
apk-upgrade 0.000GB
autotest 0.000GB
blockchain 0.000GB
dubbo-monitor 0.000GB
local 0.000GB
logdb 0.000GB
test 0.000GB
vconference 0.001GB
vconsole 0.002GB
vemm-admin 0.003GB
vmessage 0.011GB
vphone 0.187GB
vstore_db 1.994GB
vtime 0.029GB
yapi 0.003GB
Next we take a backup of the password-protected mongod on port 27017.
The procedure is as follows:
mongodump -h localhost:27017 -o /ivargo/data/mgdbback/
The statement actually run is:
mongodump -h localhost:27017 -u user_admin -p xxx -o /ivargo/data/mgdbbackauth
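// The backup succeeds
One problem remains: the highest-privilege user user_admin (password xxx) cannot be used to access each database in MongoDB individually.
We need to switch into each database and create a user with permissions for that particular database.
This instance has a dozen or so databases, so run the same thing for every one of them: first `use` the individual database, then create the user.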
use BlockchainTransaction
db.createUser(
{
user: "useradmin",
pwd: "xxxxx",
roles:[{role:"dbOwner",db:"BlockchainTransaction"}]
}
)
use analysis
db.createUser(
{
user: "useradmin",
pwd: "xxxxx",
roles:[{role:"dbOwner",db:"analysis"}]
}
)
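The per-database createUser step above, generalized to every application database in one pass. This is an added example, not code from the original post. It assumes the legacy mongo shell used on this page, a session already authenticated as user_admin on admin, and a hypothetical variable APP_PWD set in the shell before the file is loaded with load().

```javascript
// Added example. System databases never get an application dbOwner user.
var SYSTEM_DBS = ["admin", "local", "config"];

// Build one createUser command per application database.
// `existing` maps database name -> user names already defined there,
// so re-running the script does not fail on databases already handled.
function planUsers(dbNames, user, pwd, existing) {
  existing = existing || {};
  return dbNames
    .filter(function (name) { return SYSTEM_DBS.indexOf(name) === -1; })
    .filter(function (name) { return (existing[name] || []).indexOf(user) === -1; })
    .map(function (name) {
      return {
        db: name,
        // dbOwner is scoped to this one database, unlike root on admin.
        cmd: { createUser: user, pwd: pwd, roles: [{ role: "dbOwner", db: name }] }
      };
    });
}

// Run each planned command against its own database; stop on the first failure.
function applyPlan(rootDb, plan) {
  return plan.map(function (step) {
    var res = rootDb.getSiblingDB(step.db).runCommand(step.cmd);
    if (res.ok !== 1) { throw new Error(step.db + ": " + res.errmsg); }
    return step.db;
  });
}

// This part only runs inside the mongo shell, where the global `db` exists.
if (typeof db !== "undefined" && typeof db.getSiblingDB === "function") {
  var names = db.adminCommand({ listDatabases: 1 })
    .databases.map(function (d) { return d.name; });
  var existing = {};
  names.forEach(function (n) {
    existing[n] = db.getSiblingDB(n).getUsers().map(function (u) { return u.user; });
  });
  // APP_PWD is hypothetical: set it in the session so it is not stored in this file.
  var done = applyPlan(db, planUsers(names, "useradmin", APP_PWD, existing));
  print("created useradmin in: " + done.join(", "));
}
```

Each resulting useradmin account authenticates against its own database (for example `use analysis` followed by `db.auth(...)`), and a compromise of one of them does not grant access to the other databases.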