WeChat official account: [front-end one-pot cooking]
A little technology, a little thinking.
Questions or suggestions, please leave a message on the public account.
Relevant commands
Check the local MongoDB version: mongo --version
Check for running mongo processes on the machine: ps aux | grep mongo
Connect to the local database: mongo localhost:27017
Connect with a username and password: mongo --port 27017 -u 'admin' -p 'admin_root_test'
Show database list: show dbs
Switch/create database: use mytest
Delete current database: db.dropDatabase()
Create a collection: db.createCollection('book')
Show all current users: show users
Delete user: db.dropUser('myread')
Kill the running MongoDB: kill pid
Read-only permission setting
- Start the MongoDB service
Mac: mongod --dbpath /usr/local/var/mongo --logpath /usr/local/var/log/mongo/mongo.log --fork
Linux: systemctl start mongod or service mongod start
- Enter the command line
mongo localhost:27017
- Create administrator account
use admin
db.createUser({user:'admin', pwd:'admin_root_test',roles:[{ role: 'root', db: 'admin' }]})
- Shut down MongoDB
db.adminCommand( { shutdown: 1 } )
or
ps -ef | grep mongo  // view the MongoDB pid
kill pid
- Restart with authentication enabled
mongod --auth --dbpath /usr/local/var/mongodb --logpath /usr/local/var/log/mongodb/mongo.log --fork
or
vi /etc/mongod.conf
security:
  authorization: enabled
- Re-enter the command line
mongo --port 27017 -u 'admin' -p 'admin_root_test'
- Create a read-only user
db.createCollection('book')  // show dbs
db.createUser({user: 'myread', pwd: 'myread_pwd', roles: [{ role: 'read', db: 'mytest' }]})
Role Permission Interpretation
Built-in roles:
- Database user roles: read, readWrite.
- Database management roles: dbAdmin, dbOwner, userAdmin.
- Cluster management roles: clusterAdmin, clusterManager, clusterMonitor, hostManager.
- Backup and restore roles: backup, restore.
- All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase.
- Several other roles provide access, either indirectly or directly, to the system’s superuser (dbOwner, userAdmin, userAdminAnyDatabase).
- Internal role: __system.
Specific roles:
- read: Allows the user to read the specified database.
- readWrite: Allows the user to read and write to the specified database.
- dbAdmin: Allows the user to perform administrative functions in the specified database, such as creating and deleting indexes, viewing statistics, or accessing system.profile.
- userAdmin: Allows the user to write to the system.users collection, and to create, delete, and manage users in the specified database.
- clusterAdmin: Available only in the admin database; grants the user administrative rights over all sharding and replica set related functions.
- readAnyDatabase: Available only in the admin database; gives the user read rights to all databases.
- readWriteAnyDatabase: Available only in the admin database; gives the user read and write access to all databases.
- userAdminAnyDatabase: Available only in the admin database; grants the user userAdmin permission for all databases.
- dbAdminAnyDatabase: Available only in the admin database; gives the user dbAdmin permissions for all databases.
- root: Available only in the admin database. Super account, super permissions.
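
An added example (not from the original post) of checking which accounts hold the roles noted above as giving direct or indirect superuser access. It takes user documents with the user and roles fields that db.getUsers() returns; the sample data is constructed, and report_admin, ops and writer are hypothetical accounts. It assumes MongoDB's rule that dbOwner and userAdmin reach the whole cluster only when scoped to the admin database, and otherwise control one database.

```javascript
// Added example: classify MongoDB users by how far their built-in roles reach.
// Works on plain objects, so it runs in Node or in the mongo shell.

// Roles that are superuser wherever they are granted.
const ALWAYS_SUPER = new Set(['root', '__system', 'userAdminAnyDatabase']);
// Roles whose holder can grant themselves more privileges: superuser when
// scoped to admin, otherwise full control of that one database.
const SELF_GRANTING = new Set(['dbOwner', 'userAdmin']);
// Roles that only read data.
const READ_ONLY = new Set(['read', 'readAnyDatabase']);

function classifyUser(user) {
  const roles = user.roles || [];
  const reasons = [];
  let level = roles.length > 0 && roles.every(r => READ_ONLY.has(r.role))
    ? 'read-only' : 'other';
  for (const { role, db } of roles) {
    if (ALWAYS_SUPER.has(role) || (SELF_GRANTING.has(role) && db === 'admin')) {
      level = 'superuser';
      reasons.push(`${role}@${db}`);
    } else if (SELF_GRANTING.has(role)) {
      if (level !== 'superuser') level = 'escalatable';
      reasons.push(`${role}@${db}`);
    }
  }
  return { user: user.user, level, reasons };
}

function auditUsers(users) {
  return users.map(classifyUser);
}

// Constructed sample: 'admin' and 'myread' mirror the users created in the
// post; 'report_admin', 'ops' and 'writer' are hypothetical.
const sampleUsers = [
  { user: 'admin', roles: [{ role: 'root', db: 'admin' }] },
  { user: 'myread', roles: [{ role: 'read', db: 'mytest' }] },
  { user: 'report_admin',
    roles: [{ role: 'read', db: 'mytest' }, { role: 'userAdmin', db: 'mytest' }] },
  { user: 'ops', roles: [{ role: 'userAdmin', db: 'admin' }] },
  { user: 'writer', roles: [{ role: 'readWrite', db: 'mytest' }] },
];

for (const r of auditUsers(sampleUsers)) {
  console.log(`${r.user.padEnd(13)} ${r.level.padEnd(12)} ${r.reasons.join(', ')}`);
}
```

An account meant to be read-only should come back as read-only with no reasons listed; anything marked escalatable or superuser can change its own permissions.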