Mongodb permission management
1. Why do you need to set permissions management
The newly installed mongodb does not start with permission authentication by default. Unlike MySQL, mongodb does not set permissions during installation. However, the public network operating system needs to set permissions to ensure data security, so we have to learn mongodb permissions management
2. Mongodb permission management scheme
MongoDB does not have a default administrator account, so you need to add an administrator account first, and the mongodb server needs to open the authentication mode when it is running
- The user can only log in in the database where the user is located (the database where the user is created), including the administrator account.
- Administrators can manage all databases, but cannot directly manage other databases. They must be authenticated before they can.
3. Create mongodb super administrator account
3.1 Create a super user and
enter the mongo shell
sudo mongod
Use the admin database (the super administrator account must be created on the database)
use admin
Create super user
db.createUser({
"user":"root_name","pwd":"password","roles":["root"]})
Successfully created will display the following message Successfully added user: {"user": "root_name", "roles": ["root"] }
Exit the mongo shell
exit
3.2 Start the mongodb database with permission authentication
sudo mongod --auth
After startup, there will be the following information in the startup information, indicating that mongodb was successfully started by authorization authentication
[initandlisten] options: {security: {authorization: “enabled”}}
3.3 Login verification
At this time, when you use the database commands again, a permission error will be reported, and authentication is required to perform corresponding operations,
use admin
db.auth('root_name','password')
- The root_name user is created on the admin database, so it must come to the admin database for authentication
- It will return 1 if the authentication is successful, and 0 if it fails
4. Create ordinary users
4.1 Create a normal user on the used database
1. Select the database that needs to create a user
use test1
Create user:
Create a normal user user1, the user's permission on test1 is read-only
db.createUser("user":"user1", "pwd":"pwd1", roles:["read"])
Create a normal user user1, the user's permission on test1 is read and write
db.createUser("user":"user1", "pwd":"pwd1", roles:["readWrite"])
4.2 Create a normal user on the admin user database
use admin
db.createUser({
"user":"python1", "pwd":"python1", roles:[{
"role":"read","db":"dbname1"},{
"role":"readWrite","db":"dbname2"}
]})
Create a python1 user on the admin. There are two permissions for the python1 user, one is read-only on dbname1, and the other is read-write on dbname2
5. View the created users
show users
{
"_id" : "admin.python",
"user" : "python",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
6. Delete users
6.1 Enter the database where the account data is located
use db_name
6.2 Delete user
db.dropUser('python')