WeChat official account: [front-end one-pot cooking]



Common commands

Check the local MongoDB version: mongo --version

Check whether mongo is running on the machine: ps aux | grep mongo

Connect to the local database: mongo localhost:27017

Connect with a port, username and password: mongo --port 27017 -u 'admin' -p 'admin_root_test'

Show database list: show dbs

Switch/create database: use mytest

Delete current database: db.dropDatabase()

Create a collection: db.createCollection('book')

Show all current users: show users

Delete user: db.dropUser('myread')

Kill the running MongoDB: kill pid

Read-only permission setting

  1. Start the MongoDB service

macOS: mongod --dbpath /usr/local/var/mongo --logpath /usr/local/var/log/mongo/mongo.log --fork

Linux: systemctl start mongod or service mongod start

  1. Open the mongo shell

mongo localhost:27017

  1. Create an administrator account

use admin
db.createUser({user:'admin', pwd:'admin_root_test',roles:[{ role: 'root', db: 'admin' }]})

  1. Shut down mongod

db.adminCommand( { shutdown: 1 } )

or

ps -ef | grep mongo   # look up the mongod pid
kill pid

  1. Restart with authentication enabled

mongod --auth --dbpath /usr/local/var/mongodb --logpath /usr/local/var/log/mongodb/mongo.log --fork

or

vi /etc/mongod.conf
security:
  authorization: enabled
  1. Log in again as the administrator

mongo --port 27017 -u 'admin' -p 'admin_root_test'

  1. Create a read-only user

db.createCollection('book') // show dbs
db.createUser({user: 'myread', pwd: 'myread_pwd', roles: [{ role: 'read', db: 'mytest' }]})

Role permissions explained

Built-in roles:

  1. Database user roles: read, readWrite.
  2. Database management roles: dbAdmin, dbOwner, userAdmin.
  3. Cluster management roles: clusterAdmin, clusterManager, clusterMonitor, hostManager.
  4. Backup and restore roles: backup, restore.
  5. All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase.
  6. Superuser roles: root. Several other roles also provide direct or indirect access to system superuser privileges (dbOwner, userAdmin, userAdminAnyDatabase).
  7. Internal role: __system.

Specific roles:

  • read: Allows the user to read the specified database.
  • readWrite: Allows the user to read and write to the specified database.
  • dbAdmin: Allows the user to perform administrative functions in the specified database, such as index creation and deletion, viewing statistics, or access.
  • userAdmin: Allows the user to write to the system.users collection, that is, to create, delete, and manage users in the specified database.
  • clusterAdmin: Only available in the admin database; grants the user administrative rights over all sharding and replica set related functions.
  • readAnyDatabase: Only available in the admin database, giving the user read rights to all databases.
  • readWriteAnyDatabase: Only available in the admin database, giving the user read and write access to all databases.
  • userAdminAnyDatabase: Only available in the admin database, giving the user userAdmin permissions for all databases.
  • dbAdminAnyDatabase: Only available in the admin database, giving the user dbAdmin permissions for all databases.
  • root: Only available in the admin database. Super account with super permissions.
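
To check that an account created as in the read-only user step really holds nothing beyond the read role, and to list which accounts hold the superuser-level roles described above, the user documents can be audited. This is an added example, not code from the original post; the function names, the `readOnly` map and the sample users are assumptions constructed for illustration.

```javascript
// Added example. User documents have the shape of the usersInfo "users" array:
// { user, db, roles: [{ role, db }] }.
const READ_ONLY = new Set(['read', 'readAnyDatabase']);
const ALWAYS_SUPER = new Set(['root', '__system', 'userAdminAnyDatabase']);
// dbOwner and userAdmin reach superuser level when granted on the admin
// database, because their holder can then grant any role to any user.
const SUPER_ON_ADMIN = new Set(['dbOwner', 'userAdmin']);

function classifyRole(r) {
  if (ALWAYS_SUPER.has(r.role)) return 'superuser';
  if (SUPER_ON_ADMIN.has(r.role) && r.db === 'admin') return 'superuser';
  if (READ_ONLY.has(r.role)) return 'read-only';
  return 'elevated'; // write, admin, cluster, backup/restore or custom role
}

// readOnly maps "user@authDb" to the single database that account may read.
function auditUsers(users, readOnly) {
  const findings = [];
  for (const u of users) {
    const id = `${u.user}@${u.db}`;
    const allowedDb = readOnly[id];
    for (const r of u.roles) {
      const level = classifyRole(r);
      if (allowedDb === undefined) {
        // Not declared read-only: still list superuser grants for review.
        if (level === 'superuser') {
          findings.push({ user: id, issue: `superuser-level role ${r.role} on ${r.db}` });
        }
      } else if (level !== 'read-only') {
        findings.push({ user: id, issue: `${level} role ${r.role} on ${r.db}` });
      } else if (r.role === 'readAnyDatabase' || r.db !== allowedDb) {
        findings.push({ user: id, issue: `read access beyond ${allowedDb}: ${r.role} on ${r.db}` });
      }
    }
  }
  return findings;
}

// Constructed sample data (not taken from a real server).
const sampleUsers = [
  { user: 'admin', db: 'admin', roles: [{ role: 'root', db: 'admin' }] },
  { user: 'myread', db: 'mytest', roles: [{ role: 'read', db: 'mytest' }] },
  { user: 'report', db: 'mytest', roles: [{ role: 'read', db: 'mytest' }, { role: 'readWrite', db: 'mytest' }] },
  { user: 'ops', db: 'admin', roles: [{ role: 'userAdmin', db: 'admin' }] },
];
const sampleFindings = auditUsers(sampleUsers, { 'myread@mytest': 'mytest', 'report@mytest': 'mytest' });
console.log(JSON.stringify(sampleFindings, null, 2));
```

On a live deployment, pass in the `users` array returned by the `usersInfo` command in place of `sampleUsers`.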