## mongodb的用户管理(认证管理)
- 用户分三种
全局用户
数据库对应用户
只读用户
### 创建全局用户(全局用户只能在admin账户下创建)
- 创建了一个名为zhuima,密码为zhuima的全局账户
[[email protected] ~]# hostname
redis.unix178.com
[[email protected] ~]# mongo
MongoDB shell version: 2.4.6
connecting to: test
> show dbs
local0.078125GB
> use admin
switched to db admin
> db.addUser("zhuima","zhuima")
{
"user" : "zhuima",
"readOnly" : false,
"pwd" : "214c77cbc6bc7d26f28022c30496223d",
"_id" : ObjectId("53cbcb3cc5761ac13c7f6614")
}
>
### 开启配置文件中的auth = true选项
[[email protected] ~]# sed -n ‘/auth/p‘ /etc/mongodb.conf #noauth = true #auth = true auth = true [[email protected] ~]#
### 重启mongodb进行验证 这里可以看到我们进行show的时候提示没权限
[[email protected] ~]# mongo
MongoDB shell version: 2.4.6
connecting to: test
> show dbs
Sun Jul 20 14:02:01.765 listDatabases failed:{ "ok" : 0, "errmsg" : "unauthorized" } at src/mongo/shell/mongo.js:46
>
### test数据库是默认进入的目录,如果你不想进入test数据库,mongo 后面跟上--nodb即可
### 想要切换到全局用户时,必须先要进入admin数据库才可以
[[email protected] ~]# mongo
MongoDB shell version: 2.4.6
connecting to: test
> use admin
switched to db admin
> db.auth("zhuima","zhuima")
1
> show dbs
admin0.203125GB
local0.078125GB
>
### 创建对应数据库的用户
> use zhuima
switched to db zhuima
> info = {info = {Name:"zhuima",Age:26,Gender:"F",Address:"Beijing China",Work:"Engineer",Other:"DevOps"}
...
...
> info = {Name:"zhuima",Age:26,Gender:"F",Address:"Beijing China",Work:"Engineer",Other:"DevOps"}
{
"Name" : "zhuima",
"Age" : 26,
"Gender" : "F",
"Address" : "Beijing China",
"Work" : "Engineer",
"Other" : "DevOps"
}
> db.addUser("nick","zhuima")
{
"user" : "nick",
"readOnly" : false,
"pwd" : "79e274165fd09b1902705535f24eecf9",
"_id" : ObjectId("53cbcd00a6852f086df7d087")
}
### 可以看出nick用户只能对zhuima这个数据库进行权限操作
[[email protected] ~]# mongo
MongoDB shell version: 2.4.6
connecting to: test
> use zhuima
switched to db zhuima
> db.auth("nick","zhuima")
1
> show dbs
Sun Jul 20 14:08:02.743 listDatabases failed:{ "ok" : 0, "errmsg" : "unauthorized" } at src/mongo/shell/mongo.js:46
> show collections
system.indexes
system.users
> db.system.users.find()
{ "_id" : ObjectId("53cbcd00a6852f086df7d087"), "user" : "nick", "readOnly" : false, "pwd" : "79e274165fd09b1902705535f24eecf9" }
> info = {Name:"zhuima",Age:26,Gender:"F",Address:"Beijing China",Work:"Engineer",Other:"DevOps"}
{
"Name" : "zhuima",
"Age" : 26,
"Gender" : "F",
"Address" : "Beijing China",
"Work" : "Engineer",
"Other" : "DevOps"
}
> db.student.insert(info)
> db.student.find()
{ "_id" : ObjectId("53cbcd71d89972ce7ecf83c1"), "Name" : "zhuima", "Age" : 26, "Gender" : "F", "Address" : "Beijing China", "Work" : "Engineer", "Other" : "DevOps" }
>
### 增加一个只读用户
> db.addUser("kale","zhuima",True)
Sun Jul 20 14:10:33.956 ReferenceError: True is not defined
> db.addUser("kale","zhuima",true)
{
"user" : "kale",
"readOnly" : true,
"pwd" : "c705496ba883d8a8acf0855396fa8b5e",
"_id" : ObjectId("53cbcde3d89972ce7ecf83c2")
}
> message = {Name:"kale",Age:26,Gender:"F"}
{ "Name" : "kale", "Age" : 26, "Gender" : "F" }
> db.auth("kale","zhuima")
1
> message = {Name:"kale",Age:26,Gender:"F"}
{ "Name" : "kale", "Age" : 26, "Gender" : "F" }
> show collections
student
system.indexes
system.users
> db.student.insert(message)
not authorized for insert on zhuima.student
> db.auth("nick","zhuima")
1
> db.student.insert(message)
> db.student.find()
{ "_id" : ObjectId("53cbcd71d89972ce7ecf83c1"), "Name" : "zhuima", "Age" : 26, "Gender" : "F", "Address" : "Beijing China", "Work" : "Engineer", "Other" : "DevOps" }
{ "_id" : ObjectId("53cbce5fd89972ce7ecf83c4"), "Name" : "kale", "Age" : 26, "Gender" : "F" }
>
### 删除一个用户
> db.system.users.find()
{ "_id" : "admin.zhuima", "user" : "zhuima", "db" : "admin", "credentials" : { "MONGODB-CR" : "214c77cbc6bc7d26f28022c30496223d" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "zhuima.nick", "user" : "nick", "db" : "zhuima", "credentials" : { "MONGODB-CR" : "b8b8d091c8b634fe785f41cf3339d9ec" }, "roles" : [ { "role" : "dbOwner", "db" : "zhuima" } ] }
{ "_id" : "zhuima.test", "user" : "test", "db" : "zhuima", "credentials" : { "MONGODB-CR" : "a6de521abefc2fed4f5876855a3484f5" }, "roles" : [ { "role" : "dbOwner", "db" : "zhuima" } ] }
{ "_id" : "zhuima.kale", "user" : "kale", "db" : "zhuima", "credentials" : { "MONGODB-CR" : "a47cb6627c18898317171265eeea47e2" }, "roles" : [ { "role" : "dbOwner", "db" : "zhuima" } ] }
> use zhuima
switched to db zhuima
> db.dropUser("test")
true
> show collections
person
system.indexes
> use admin
switched to db admin
> db.system.users.find()
{ "_id" : "admin.zhuima", "user" : "zhuima", "db" : "admin", "credentials" : { "MONGODB-CR" : "214c77cbc6bc7d26f28022c30496223d" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "zhuima.nick", "user" : "nick", "db" : "zhuima", "credentials" : { "MONGODB-CR" : "b8b8d091c8b634fe785f41cf3339d9ec" }, "roles" : [ { "role" : "dbOwner", "db" : "zhuima" } ] }
{ "_id" : "zhuima.kale", "user" : "kale", "db" : "zhuima", "credentials" : { "MONGODB-CR" : "a47cb6627c18898317171265eeea47e2" }, "roles" : [ { "role" : "dbOwner", "db" : "zhuima" } ] }
>
### 用户管理后记
- 多用help 类似db.help()
- 看官方文档,然后把命令都敲一遍
- 多实践才是王道
## 来一些系统的基本的查看管理命令
### help指令
- 多用help,你会发现原来世界那么美好
> help
db.help() help on db methods
db.mycoll.help() help on collection methods
sh.help() sharding helpers
rs.help() replica set helpers
help admin administrative help
help connect connecting to a db help
help keys key shortcuts
help misc misc things to know
help mr mapreduce
show dbs show database names
show collections show collections in current database
show users show users in current database
show profile show most recent system.profile entries with time >= 1ms
show logs show the accessible logger names
show log [name] prints out the last segment of log in memory, ‘global‘ is default
use <db_name> set current database
db.foo.find() list objects in collection foo
db.foo.find( { a : 1 } ) list objects in foo where a == 1
it result of the last line evaluated; use to further iterate
DBQuery.shellBatchSize = x set default number of items to display on shell
exit quit the mongo shell
> db.help()
DB methods:
db.adminCommand(nameOrDocument) - switches to ‘admin‘ db, and runs command [ just calls db.runCommand(...) ]
db.auth(username, password)
db.cloneDatabase(fromhost)
db.commandHelp(name) returns the help for the command
db.copyDatabase(fromdb, todb, fromhost)
db.createCollection(name, { size : ..., capped : ..., max : ... } )
db.createUser(userDocument)
db.currentOp() displays currently executing operations in the db
db.dropDatabase()
db.eval(func, args) run code server-side
db.fsyncLock() flush data to disk and lock server for backups
db.fsyncUnlock() unlocks server following a db.fsyncLock()
db.getCollection(cname) same as db[‘cname‘] or db.cname
db.getCollectionNames()
db.getLastError() - just returns the err msg string
db.getLastErrorObj() - return full status object
db.getMongo() get the server connection object
db.getMongo().setSlaveOk() allow queries on a replication slave server
db.getName()
db.getPrevError()
db.getProfilingLevel() - deprecated
db.getProfilingStatus() - returns if profiling is on and slow threshold
db.getReplicationInfo()
db.getSiblingDB(name) get the db at the same server as this one
db.getWriteConcern() - returns the write concern used for any operations on this db, inherited from server object if set
db.hostInfo() get details about the server‘s host
db.isMaster() check replica primary status
db.killOp(opid) kills the current operation in the db
db.listCommands() lists all the db commands
db.loadServerScripts() loads all the scripts in db.system.js
db.logout()
db.printCollectionStats()
db.printReplicationInfo()
db.printShardingStatus()
db.printSlaveReplicationInfo()
db.dropUser(username)
db.repairDatabase()
db.resetError()
db.runCommand(cmdObj) run a database command. if cmdObj is a string, turns it into { cmdObj : 1 }
db.serverStatus()
db.setProfilingLevel(level,<slowms>) 0=off 1=slow 2=all
db.setWriteConcern( <write concern doc> ) - sets the write concern for writes to the db
db.unsetWriteConcern( <write concern doc> ) - unsets the write concern for writes to the db
db.setVerboseShell(flag) display extra information in shell output
db.shutdownServer()
db.stats()
db.version() current version of the server
>
### 查看当前所在数据库位置
- 第一种方式
> > db.status admin.status >
- 第二种方式
> db.getName(); admin >
### 当前数据库版本
> db.version() 2.6.3 >
### 查看当前数据库中的包含的集合
> show collections system.indexes system.users system.version
### 删除数据库
- 切换到该数据库目录下,进行drop操作即可
> show dbs
admin 0.078GB
local 1.078GB
zhuima 0.078GB
> use zhuima
switched to db zhuima
> db.dropDatabase()
{ "dropped" : "zhuima", "ok" : 1 }
> show dbs
admin 0.078GB
local 1.078GB
>
### 查看各collection的状态
> use admin
switched to db admin
> db.printCollectionStats()
system.indexes
{
"ns" : "admin.system.indexes",
"count" : 3,
"size" : 336,
"avgObjSize" : 112,
"storageSize" : 8192,
"numExtents" : 1,
"nindexes" : 0,
"lastExtentSize" : 8192,
"paddingFactor" : 1,
"systemFlags" : 0,
"userFlags" : 1,
"totalIndexSize" : 0,
"indexSizes" : {
},
"ok" : 1
}
---
system.users
{
"ns" : "admin.system.users",
"count" : 3,
"size" : 720,
"avgObjSize" : 240,
"storageSize" : 8192,
"numExtents" : 1,
"nindexes" : 2,
"lastExtentSize" : 8192,
"paddingFactor" : 1,
"systemFlags" : 1,
"userFlags" : 1,
"totalIndexSize" : 16352,
"indexSizes" : {
"_id_" : 8176,
"user_1_db_1" : 8176
},
"ok" : 1
}
---
system.version
{
"ns" : "admin.system.version",
"count" : 1,
"size" : 48,
"avgObjSize" : 48,
"storageSize" : 8192,
"numExtents" : 1,
"nindexes" : 1,
"lastExtentSize" : 8192,
"paddingFactor" : 1,
"systemFlags" : 1,
"userFlags" : 1,
"totalIndexSize" : 8176,
"indexSizes" : {
"_id_" : 8176
},
"ok" : 1
}
---
>
### 查看collection数据的大小
> db.system.users.dataSize() 720 >
### 增删查改的文章请移步到上篇文章
时间: 2024-10-13 14:45:26