Server configuration file parsing
bin directory under mongod.cfg server configuration file, the main configuration parameters:
1, the database file storage location
2, server log file storage location
3, the default IP address, port number
set password
By default, MongoDB server address is 127.0.0.1, port number is 27017, admin database information stored in the database administrator is empty, ie no administrator account, any client can directly connect to the server, no authentication.
Benefit is that users can immediately get started, do not worry about a bunch of configuration to get upset. The downside is that everyone can directly access and modify the database data.
1, using the admin database, create an administrator account
use admin
db.createUser({user:"chy",pwd:"abc",roles:[{role:"userAdminAnyDatabase",db:"admin"}]})
You will be prompted to create success. role designated account roles (permissions), db specify this account management which db. Because roles: [], an array, it is possible to simultaneously set a plurality of role.
If you are in the role with AnyDatabase, you can manage all databases.
Without AnyDatabase role, you can only manage specified db.
Either way, this account can only enter the specified db. Such authority is designated as "userAdminAnyDatabase", db designated as "admin", this account can only be verified through the database admin can not be verified by other databases. To access the database admin, admin manages all databases in the database.
"UserAdminAnyDatabase" is to manage all database, you can delete operation like a database, it is the management and can not read and write to a database.
mongodb built-in role
1. Database user roles: Read, readWrite;
2. database administration roles: dbadmin, dbowner, useradmin;
3. Cluster management role: clusterAdmin, ClusterManager, clusterMonitor, hostManager;
4. Recovery backup role: Backup, Restore;
5. The all databases role: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
6. The root role: the root
7. The internal roles: __ system
2, modify the configuration file mongod.cfg, using a password.
We see that the default is annotated, and does not use secure authentication.
Uncomment amended as follows:
Note the space, indents, authorization there is a space after the colon.
security:
authorization: enabled
3, restart the MongoDB service.
4、
Exit // first exit client
mongo
use admin
db.auth ( " username " , " password " ) // authentication password. 1 represents verified, 0 means no through.
Just create an account access to all db. You can create a db account.
db.createUser({user:'chy1',pwd:'abc1',roles:[{role:'readWrite',db:'test'}]})
Read and write permissions, accounts can only operate the database test, and the test can only read and write.
Once you've created can be used mongodb: // username: password @ host [: port] / database to connect the (mongo need to enter the client).
note:
- MongoDB is the highest authority system root, root privileges
- The highest authority of a database is dbOwner, the database owner, you can create an index, such as read and write operations.
- the createUser () does not have to operate at admin database, the database also operate in other rows.
- Not a user name and password are correct can be verified, but also the role (account authority).