userAdminAnyDatabase 這個角色擁有在所有資料庫上建立用戶和分配角色的權限,但本身沒有讀寫資料的權限。注意:由於它可以把任何角色(包括 root)授予任何用戶(含它自己),實際上等同於超級管理員,必須嚴格保護這個帳號。
root 這是內建的超級管理員角色(注意:下文建立的名為 "root" 的用戶並沒有被授予這個角色,只是用戶名恰好叫 root,容易混淆)
readWrite 有讀寫權限
read 有讀權限
createUser 的語法如下(注意:在哪個資料庫下執行 createUser,該用戶的認證資料庫就是哪個;下面的例子都是先 use admin 再建立,所以之後登入要用 --authenticationDatabase "admin"):
// Creates the user administrator account (run against the "admin" database).
// userAdminAnyDatabase can create users and grant roles on every database but
// carries no data read/write privilege itself. Because it can grant any role
// (including root) to any user, it is effectively a superuser account and
// must be protected like one.
db.createUser(
{
user: "myUserAdmin",
// NOTE(review): "abc123" is a trivially guessable example password; use a
// long random one. Typing the password inline also leaves it in the shell's
// history file.
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
// Creates a second user named "root". Despite the name, this user is NOT given
// the built-in root role: it only gets readWrite on "test" and read on "yange",
// which is exactly what the transcript below demonstrates (reads on yange
// succeed, inserts fail with "not authorized"). A less misleading username
// would avoid confusion with a real superuser.
// In the transcript this is executed after "use admin", so the user's
// authentication database is "admin" (hence --authenticationDatabase "admin").
db.createUser(
{
user: "root",
// NOTE(review): "123456" is a weak example password; replace with a strong one.
pwd: "123456",
roles: [
{ role: "readWrite", db: "test" },
{ role: "read", db: "yange" }
]
}
)
> show dbs
admin 0.000GB
local 0.000GB
test 0.018GB
yange 0.000GB
> use admin
switched to db admin
> db.createUser(
... {
... user: "root",
... pwd: "123456",
... roles: [
... { role: "readWrite", db: "test" },
... { role: "read", db: "yange" }
... ]
... }
... )
Successfully added user: {
"user" : "root",
"roles" : [
{
"role" : "readWrite",
"db" : "test"
},
{
"role" : "read",
"db" : "yange"
}
]
}
創建完畢後,關閉 mongodb,以 auth 方式(設定檔中 auth=true)重新啓動 mongodb。注意:下面啓動命令中的 --rest 參數會開啓 REST 介面;依官方文件該介面不支援認證,等於在 auth 之外留了一個未經驗證的入口,正式環境請不要加 --rest,並確認 httpinterface 已關閉或被防火牆隔離。
$ mongod --config /etc/mongodb.conf --rest
mongodb.conf 文件內容如下:
bash-4.2$ cat /etc/mongodb.conf
port=27017 # listening port
dbpath= /data/mongodb # data directory
logpath= /data/mongodb/logs/mongodb.log # log file
logappend=true # append to the log instead of truncating it on every start
fork=true # run as a daemon (in the background)
maxConns=500 # maximum number of simultaneous connections
#noauth=true # authentication disabled (deliberately left commented out)
auth=true # enable authentication; without it every client is anonymous and the users created above are never checked
journal=true
storageEngine=wiredTiger
# NOTE(review): no bind_ip is set. Older mongod releases listened on all
# interfaces by default, so auth=true alone does not stop the port from being
# reachable from the network; set bind_ip=127.0.0.1 (or firewall the port)
# unless remote clients are genuinely required -- confirm the default for
# this version.
httpinterface=true
# NOTE(review): the HTTP interface is a separate listener (by default on
# port+1000, i.e. 28017) and is deprecated. Combined with the --rest flag
# used at startup it exposes data through an interface that, per the MongoDB
# docs, does not support authentication. Prefer httpinterface=false and no
# --rest; if it must stay on, restrict access to trusted hosts.
> use admin
switched to db admin
> db.auth("root","123456")
1
> use yange --切換到yange庫
switched to db yange
> show tables
yange
> db.yange.count() // 有可讀權限(mongo shell 的註解語法是 //,不是 SQL 的 --;直接貼上 -- 會造成語法錯誤)
10000
>
> db.yange.insert({name:28})
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on yange to execute command { insert: \"yange\", documents: [ { _id: ObjectId('57c110e083b48f01b16feb47'), name: 28.0 } ], ordered: true }"
}
})
> use test --切換到test庫
switched to db test
> show tables
books
chenfeng
duansf
heshang
numbers
products
test
test2
test3
> db.books.find() // 有可讀權限(註解請用 //,不要用 --)
{ "_id" : ObjectId("5770f0b3f5dedda2a1409934"), "x" : 4, "j" : 2 }
{ "_id" : ObjectId("5770f0b3f5dedda2a1409935"), "x" : 4, "j" : 3 }
{ "_id" : ObjectId("5770f0b3f5dedda2a1409936"), "x" : 4, "j" : 4 }
{ "_id" : ObjectId("5770f0b3f5dedda2a1409937"), "x" : 4, "j" : 5 }
{ "_id" : ObjectId("5770f0b3f5dedda2a1409938"), "x" : 4, "j" : 6 }
{ "_id" : ObjectId("5770f0b3f5dedda2a1409939"), "x" : 4, "j" : 7 }
{ "_id" : ObjectId("5770f0b3f5dedda2a140993a"), "x" : 4, "j" : 8 }
{ "_id" : ObjectId("5770f0b3f5dedda2a140993b"), "x" : 4, "j" : 99 }
> db.books.save({x:4,j:2000}) // 也有可寫權限(註解請用 //,不要用 --)
WriteResult({ "nInserted" : 1 })
>
>
bash-4.2$ mongo --port 27017 -u "root" -p "123456" --authenticationDatabase "admin"   # 注意:-p 後面直接寫密碼會留在 shell history 與 ps 輸出中;只寫 -p 不帶值,mongo shell 會提示輸入密碼
MongoDB shell version: 3.2.7-39-g8da92ea
connecting to: 127.0.0.1:27017/test
> use test
switched to db test
> show tables
books
chenfeng
duansf
heshang
numbers
products
test
test2
test3
yange
> db.books.count()
9
> db.books.save({x:4,j:2001})
WriteResult({ "nInserted" : 1 })
>
> use yange
switched to db yange
> show tables
yange
> db.yange.count()
10000
> db.yange.insert({name:28})
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on yange to execute command { insert: \"yange\", documents: [ { _id: ObjectId('57c11177b6b545b89a198459'), name: 28.0 } ], ordered: true }"
}
})
吃水不忘挖井人:http://blog.itpub.net/15498/viewspace-2124099/