Of Stack

mongodb permission Settings to add administrator normal user method

  • 2020-05-09 19:33:37
  • OfStack

All relational databases I know have access control, which users can access which libraries, which tables, which users can insert and update, and some users only have access to read.

For example, after the installation and configuration of mysql, there is a built-in mysql database, in which there is an user table for storing users and user permissions, while mongodb, the most relational database, has such a table.

1. To grasp the authority and understand the following four items is basically the same

1. There is no default administrator account in mongodb, so you need to add the administrator account first, and then enable permission authentication.
2. Switch to admin database and the account added is the administrator account.
3. The user can only log in the database where the user is located, including the administrator account.
4. The administrator can manage all databases, but cannot directly manage other databases. Only after the authentication of admin database can the administrator. This one is odd

2. Add an administrator account 


[root@localhost test]# mongo
MongoDB shell version: 2.4.6
connecting to: tank
> use admin                    // Switch to the admin The database 
switched to db admin
> show collections;
system.indexes
system.users                   // The users table 
> db.system.users.find();      // The user table has no data 
> db.addUser('tank','test');   // add 1 Administrator account number 
{
    "user" : "testuser",
    "readOnly" : false,
    "pwd" : "988432606980d0695e4f668f6bbc643a",
    "_id" : ObjectId("529e5d543b6a4608ac833429")
}


3. Start user authorization authentication 


[root@localhost test]# vim /etc/mongodb.conf           // will auth=true Remove the previous comment 
[root@localhost test]# /etc/init.d/mongod restart      // Restart to take effect


4. Users can only log in the database where they are located, and administrators need to pass admin authentication before they can manage other databases 


[root@localhost test]# mongo
MongoDB shell version: 2.4.6
connecting to: tank
> show dbs;           // Display all databases failed because there is no authentication 
Wed Dec  4 06:39:50.925 listDatabases failed:{ "ok" : 0, "errmsg" : "unauthorized" } at src/mongo/shell/mongo.js:46
> db.auth('tank','test');    // Authentication failed because the user does not belong tank This database 
Error: 18 { code: 18, ok: 0.0, errmsg: "auth fails" }
0
> use admin        // Switch to the admin The database 
switched to db admin
> db.auth('tank','test');   // in admin Database authentication successful 
1
> use tank;           // Switch to the tank The database 
switched to db tank
> show collections;   // No more permissions at the prompt 
contact
system.indexes
users


5. Add regular users 


> use tank;
switched to db tank
> db.addUser('tank1','test');     // for tank The database is added 1 Three read-write users tank1
{
    "_id" : ObjectId("529e5f8474b4c660718a70f3"),
    "user" : "tank1",
    "readOnly" : false,
    "pwd" : "35dd47abff098f5b4f0b567db8edeac5"
}
> db.addUser('tank2','test',true);  // for tank The database is added 1 10 read-only users tank2
{
    "user" : "tank2",
    "readOnly" : true,
    "pwd" : "1792916c544d247538ded52e6df7b887",
    "_id" : ObjectId("529e67553992b24438d5e315")
}
> exit    // exit 
bye
[root@localhost zhangy]# mongo
MongoDB shell version: 2.4.6
connecting to: tank
> db.auth('tank1','test');    // The user you just added can log in. 
1


6. php client connection

1. Recommended method 1 

$mongo = new Mongo();    
$db = $mongo->selectDB('tank');   // Switch to the tank The database   
$db->authenticate("tank3", "test");   // certification 
$users= $db->selectCollection("users");  // select users table 
$cursor = $users->find();   // Read the data 
foreach ($cursor as $id => $value) {
    echo "$id: "; print_r($value); echo "<br>";
}[code]

This approach is easy to understand, and the process from the root command line is similar.

2. Recommended method 2 


$mongo = new Mongo("mongodb://tank3:test@127.0.0.1:27017/tank");   // Authentication user, the database here, only the authentication role 
$db = $mongo->selectDB('tank');  // Select database 
$users= $db->selectCollection("users");
$cursor = $users->find();
foreach ($cursor as $id => $value) {
    echo "$id: "; print_r($value); echo "<br>";
}

The difference between the above two methods is that 1 database is selected first for authentication and 1 database is selected first for authentication.

Related articles: