mongodb adds details on user and permission Settings
- 2020-05-07 20:38:10
- OfStack
For example, after the installation and configuration of mysql, there is a built-in mysql database, in which there is an user table to store users and user permissions, and mongodb, the most relational database, has such a table.
1, master the rights, understand the following four basically about the same
1. There is no default administrator account in mongodb, so it is necessary to add the administrator account first, and then enable authorization.
2. Switch to admin database, and the added account is the administrator account.
3. The user can only login in the database where the user is located, including the administrator account.
4. The administrator can manage all databases, but cannot directly manage other databases, only after the admin database authentication. This one is weird
2. Add administrator account
[root@localhost zhangy]# mongo
MongoDB shell version: 2.4.6
connecting to: tank
> use admin // Switch to the admin The database
switched to db admin
> show collections;
system.indexes
system.users // The users table
> db.system.users.find(); // The user table has no data
> db.addUser('tank','test'); // add 1 Administrator account number
{
"user" : "tank",
"readOnly" : false,
"pwd" : "988432606980d0695e4f668f6bbc643a",
"_id" : ObjectId("529e5d543b6a4608ac833429")
}
3. Start user authorization authentication
[root@localhost zhangy]# vim /etc/mongodb.conf // will auth=true Remove the previous comment
[root@localhost zhangy]# /etc/init.d/mongod restart // Restart to take effect
4. Users can only login in the database where they are located, and administrators can only manage other databases after they have passed admin authentication
[root@localhost zhangy]# mongo
MongoDB shell version: 2.4.6
connecting to: tank
> show dbs; // Displays all databases failed because there is no authentication
Wed Dec 4 06:39:50.925 listDatabases failed:{ "ok" : 0, "errmsg" : "unauthorized" } at src/mongo/shell/mongo.js:46
> db.auth('tank','test'); // Authentication failed because the user does not belong tank This database
Error: 18 { code: 18, ok: 0.0, errmsg: "auth fails" }
0
> use admin // Switch to the admin The database
switched to db admin
> db.auth('tank','test'); // in admin Database authentication successful
1
> use tank; // Switch to the tank The database
switched to db tank
> show collections; // No more permissions at the prompt
contact
system.indexes
users
5. Add the normal function
> use tank;
switched to db tank
> db.addUser('tank1','test'); // for tank The database is added 1 Three read-write users tank1
{
"_id" : ObjectId("529e5f8474b4c660718a70f3"),
"user" : "tank1",
"readOnly" : false,
"pwd" : "35dd47abff098f5b4f0b567db8edeac5"
}
> db.addUser('tank2','test',true); // for tank The database is added 1 10 read-only users tank2
{
"user" : "tank2",
"readOnly" : true,
"pwd" : "1792916c544d247538ded52e6df7b887",
"_id" : ObjectId("529e67553992b24438d5e315")
}
> exit // exit
bye
[root@localhost zhangy]# mongo
MongoDB shell version: 2.4.6
connecting to: tank
> db.auth('tank1','test'); // The user you just added can log in.
6, php client connection
1. Recommend method 1
$mongo = new Mongo();
$db = $mongo->selectDB('tank'); // Switch to the tank The database
$db->authenticate("tank3", "test"); // certification
$users= $db->selectCollection("users"); // select users table
$cursor = $users->find(); // Read the data
foreach ($cursor as $id => $value) {
echo "$id: "; print_r($value); echo "<br>";
}
This is easy to understand, and the process is similar from the root command line.
2. Recommend method 2
$mongo = new Mongo("mongodb://tank3:test@127.0.0.1:27017/tank"); // Authentication user, the database here, only the authentication role
$db = $mongo->selectDB('tank'); // Select database
$users= $db->selectCollection("users");
$cursor = $users->find();
foreach ($cursor as $id => $value) {
echo "$id: "; print_r($value); echo "<br>";
}
The difference between the two methods above is that 1 database is selected first for authentication and 1 database is selected first for authentication.