MongoDB sets access rights for users
- 2020-05-06 11:57:38
- OfStack
MongoDB has been used for a long time, and the data storage based on MongoDB has not been used for permission access (MongoDB is set to have no permission access by default). Today, I spent some time to study it, and the research results are as follows:
note: the research results are based on Windows platform
MongoDB
after the native installation is deployed 1. Type show dbs and you will find that it has two databases built in, one named admin and the other named local. local does not seem to be useful. If anyone finds the purpose of local table in the process of using it, please leave a message to remind them. Let's focus on admin table
use admin, you will find that the DB contains a system.user table db.addUser('sa','sa'), here I add a super administrator user, username is sa, password is also sa, that is, we add a super administrator, let's test, let's see if we connect MongoDB again need to prompt for the user name, password, we first exit (ctrl+c)
4. Enter use admin
5. Enter the command: show collections, check all the tables in the library, you will find that MongoDB does not prompt you to enter the user name, password, that is strange, what is going on? It was mentioned at the beginning of the article,
MongoDB is set to no access limit by default, that is, let's first set it as required access limit, let's see the effect, how to set?
6. In the registry, find the MongoDB node, in its ImgPath, we modify it to add -auth, as shown below:
"D:\Program Files\mongodb\bin\mongod" -dbpath e:\work\data\mongodb\db -logpath e:\work\data\mongodb\log -auth -service
7. Enter command: use admin
8. Input command: show collections, hehe, we found that we could not view the table under the library, prompt: "$err" : "unauthorized db:admin lock type:-1 client:127.0.0.1", obviously, there is no permission, it seems that the key is here, when we start MongoDB, we need to add the -auth parameter, so that the permission we set can take effect, ok, next we use the user name and password we just set before to access
9. Enter command: db.auth ('sa','sa'), output a result value of 1, indicating that the user is matched, if the user name and password are not correct, enter 0
10. Enter the command: show collections, hehe, the result is out, at this point, the permission Settings are only more than half of the way, then on, let's exit (ctrl+c)
11. Enter mongo TestDB, we try to connect to a new library (whether the library exists or not, if it doesn't, adding data to the library will create the library by default), and then we want to look at the table
in the library 12. Enter command: show collections, boy, no permissions, let's enter the username and password
created above Es85en.auth ('sa','sa'), enter the result 0, the user does not exist, this may not understand, just created earlier, how not to exist? The reason is that when we have separate access to MongoDB's database, the user name and password are not super administrators, but users in the system.user table of the library. Okay, now what? No permissions, so let's try to add user
to the system.user table of the library 14. Input command: db.addUser ('test','111111'), wow, still prompt no permission, this how to do, the new database can not be accessed by the super administrator, the creation of the user also has no permission, ha ha, don't worry, that is to set the super administrator user, it must have permission to access all the library
15. Enter command: use admin
16. Enter db.auth('sa','sa')
17. Enter use TestDB
18. Input command: show collections, ha ha, clear all the way, we found that can take advantage of the super administrator user access to other libraries, ha ha, this is not a separate access, it is not hard to find, we are the first to enter admin library, then turned to other libraries, admin rather then a highest-ranking official area, if you are a property developer, want to be in place to get a big project to do, do you think through those senior officials, this doesn't work, you need to go to them first, and give some gift, then down, down to the place you can reach the engineering, This is a personal opinion and does not represent the blog garden. We don't have to say hello to the senior officials every time we add a brick or a tile. So we have to legalize the project. We have to get all the necessary paperwork and documents Es115en.addUser ('test','111111'), we add a user to the TestDB library. Every time I visit the library, I use the user I just created 20. Enter mongo TestDB
21. Enter command: show collections, indicating no permission
22. Input command: db.auth('test','111111'), output result 1, user exists, verify
successfully 23. Enter command: show collections, no more hint that I have no permission, congratulations,
succeeded Note: when you need permission to access MongoDB, if you need to view all the libraries in MongoDB, you can only view show dbs with super administrator permission.
note: the research results are based on Windows platform
MongoDB
after the native installation is deployed 1. Type show dbs and you will find that it has two databases built in, one named admin and the other named local. local does not seem to be useful. If anyone finds the purpose of local table in the process of using it, please leave a message to remind them. Let's focus on admin table
use admin, you will find that the DB contains a system.user table db.addUser('sa','sa'), here I add a super administrator user, username is sa, password is also sa, that is, we add a super administrator, let's test, let's see if we connect MongoDB again need to prompt for the user name, password, we first exit (ctrl+c)
4. Enter use admin
5. Enter the command: show collections, check all the tables in the library, you will find that MongoDB does not prompt you to enter the user name, password, that is strange, what is going on? It was mentioned at the beginning of the article,
MongoDB is set to no access limit by default, that is, let's first set it as required access limit, let's see the effect, how to set?
6. In the registry, find the MongoDB node, in its ImgPath, we modify it to add -auth, as shown below:
"D:\Program Files\mongodb\bin\mongod" -dbpath e:\work\data\mongodb\db -logpath e:\work\data\mongodb\log -auth -service
7. Enter command: use admin
8. Input command: show collections, hehe, we found that we could not view the table under the library, prompt: "$err" : "unauthorized db:admin lock type:-1 client:127.0.0.1", obviously, there is no permission, it seems that the key is here, when we start MongoDB, we need to add the -auth parameter, so that the permission we set can take effect, ok, next we use the user name and password we just set before to access
9. Enter command: db.auth ('sa','sa'), output a result value of 1, indicating that the user is matched, if the user name and password are not correct, enter 0
10. Enter the command: show collections, hehe, the result is out, at this point, the permission Settings are only more than half of the way, then on, let's exit (ctrl+c)
11. Enter mongo TestDB, we try to connect to a new library (whether the library exists or not, if it doesn't, adding data to the library will create the library by default), and then we want to look at the table
in the library 12. Enter command: show collections, boy, no permissions, let's enter the username and password
created above Es85en.auth ('sa','sa'), enter the result 0, the user does not exist, this may not understand, just created earlier, how not to exist? The reason is that when we have separate access to MongoDB's database, the user name and password are not super administrators, but users in the system.user table of the library. Okay, now what? No permissions, so let's try to add user
to the system.user table of the library 14. Input command: db.addUser ('test','111111'), wow, still prompt no permission, this how to do, the new database can not be accessed by the super administrator, the creation of the user also has no permission, ha ha, don't worry, that is to set the super administrator user, it must have permission to access all the library
15. Enter command: use admin
16. Enter db.auth('sa','sa')
17. Enter use TestDB
18. Input command: show collections, ha ha, clear all the way, we found that can take advantage of the super administrator user access to other libraries, ha ha, this is not a separate access, it is not hard to find, we are the first to enter admin library, then turned to other libraries, admin rather then a highest-ranking official area, if you are a property developer, want to be in place to get a big project to do, do you think through those senior officials, this doesn't work, you need to go to them first, and give some gift, then down, down to the place you can reach the engineering, This is a personal opinion and does not represent the blog garden. We don't have to say hello to the senior officials every time we add a brick or a tile. So we have to legalize the project. We have to get all the necessary paperwork and documents Es115en.addUser ('test','111111'), we add a user to the TestDB library. Every time I visit the library, I use the user I just created 20. Enter mongo TestDB
21. Enter command: show collections, indicating no permission
22. Input command: db.auth('test','111111'), output result 1, user exists, verify
successfully 23. Enter command: show collections, no more hint that I have no permission, congratulations,
succeeded Note: when you need permission to access MongoDB, if you need to view all the libraries in MongoDB, you can only view show dbs with super administrator permission.