MongoDB “root” user

执笔经年 2020-12-22 19:02

Is there a super UNIX like "root" user for MongoDB? I've been looking at http://docs.mongodb.org/manual/reference/user-privileges/ and have tried many combinations, but t

6 Answers
  • 2020-12-22 19:32

    There is a superuser role, root, which is a built-in role and may meet your needs.

  • 2020-12-22 19:34

    The best superuser role would be root. The syntax is:

    use admin
    
    db.createUser(
    {
        user: "root",
        pwd: "password",
        roles: [ "root" ]
    })
    

    For more details look at built-in roles.

    Hope this helps !!!

  • 2020-12-22 19:35

    While MongoDB has no authentication out of the box, you can create the equivalent of a root/superuser by granting the "any" roles to a specific user on the admin database.

    Something like this:

    use admin
    db.addUser( { user: "<username>",
                  pwd: "<password>",
                  roles: [ "userAdminAnyDatabase",
                           "dbAdminAnyDatabase",
                           "readWriteAnyDatabase" ] } )
    

    Update for 2.6+

    While there is a new root user in 2.6, you may find that it doesn't meet your needs, as it still has a few limitations:

    Provides access to the operations and all the resources of the readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase and clusterAdmin roles combined.

    root does not include any access to collections that begin with the system. prefix.

    Update for 3.0+

    Use db.createUser as db.addUser was removed.

    Update for 3.0.7+

    root no longer has the limitations stated above.

    The root has the validate privilege action on system. collections. Previously, root does not include any access to collections that begin with the system. prefix other than system.indexes and system.namespaces.

  • 2020-12-22 19:35

    MongoDB user management:

    roles list:

    read
    readWrite
    dbAdmin
    userAdmin
    clusterAdmin
    readAnyDatabase
    readWriteAnyDatabase
    userAdminAnyDatabase
    dbAdminAnyDatabase
    

    create user:

    db.createUser(user, writeConcern)
    
    db.createUser({ user: "user",
      pwd: "pass",
      roles: [
        { role: "read", db: "database" } 
      ]
    })
    

    update user:

    db.updateUser("user",{
      roles: [
        { role: "readWrite", db: "database" } 
      ]
    })
    

    drop user:

    db.removeUser("user")
    

    or

    db.dropUser("user")
    

    view users:

    db.getUsers();
    

    more information: https://docs.mongodb.com/manual/reference/security/#read

  • 2020-12-22 19:35

    "userAdmin is effectively the superuser role for a specific database. Users with userAdmin can grant themselves all privileges. However, userAdmin does not explicitly authorize a user for any privileges beyond user administration." from the link you posted

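The answers above name several roles that amount to superuser access, directly (root) or indirectly (the userAdmin family, which can grant itself further privileges). As an added example, not code from any of the answers, this Node.js script audits user documents shaped like the `db.getUsers()` output on this page and reports such grants; `auditUsers`, `normalizeRole` and the sample users are hypothetical names and constructed data.

```javascript
// Added example: audit db.getUsers()-style documents for superuser-equivalent
// grants. Pure JavaScript; runs in Node without a MongoDB server.

// Built-in roles from the answers above that give cluster-wide control.
const CLUSTER_SUPER = new Set(["root", "userAdminAnyDatabase"]);

// createUser accepts "role" or { role, db }; a bare string means the user's own db.
function normalizeRole(role, userDb) {
  return typeof role === "string" ? { role, db: userDb } : role;
}

// Returns one finding per user that holds at least one risky grant.
function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    const reasons = [];
    for (const r of u.roles.map((x) => normalizeRole(x, u.db))) {
      if (r.db === "admin" && CLUSTER_SUPER.has(r.role)) {
        reasons.push(`${r.role}@admin: cluster-wide superuser`);
      } else if (r.role === "userAdmin" && r.db === "admin") {
        reasons.push("userAdmin@admin: can grant itself any cluster role");
      } else if (r.role === "userAdmin") {
        reasons.push(`userAdmin@${r.db}: can grant itself any privilege on ${r.db}`);
      }
      // A user stored in an application database but holding an admin-scoped role.
      if (r.db === "admin" && u.db !== "admin") {
        reasons.push(`defined in ${u.db} but holds ${r.role}@admin`);
      }
    }
    if (reasons.length) findings.push({ id: u._id, reasons });
  }
  return findings;
}

// Constructed sample, shaped like the db.getUsers() output on this page.
const sampleUsers = [
  { _id: "admin.administrator", user: "administrator", db: "admin",
    roles: [{ role: "root", db: "admin" }] },
  { _id: "mysite_development.administrator", user: "administrator",
    db: "mysite_development", roles: [{ role: "root", db: "admin" }] },
  { _id: "mysite_development.app", user: "app", db: "mysite_development",
    roles: [{ role: "readWrite", db: "mysite_development" }] },
  { _id: "mysite_development.ops", user: "ops", db: "mysite_development",
    roles: ["userAdmin"] },
];

for (const f of auditUsers(sampleUsers)) console.log(f.id, "->", f.reasons.join("; "));
```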
  • 2020-12-22 19:48

    I noticed a lot of these answers use this command:

    use admin
    

    which switches to the admin database. At least in Mongo v4.0.6, creating a user in the context of the admin database will create a user with "_id" : "admin.administrator":

    > use admin
    > db.getUsers()
    [ ]
    > db.createUser({ user: 'administrator', pwd: 'changeme', roles: [ { role: 'root', db: 'admin' }  ] })
    > db.getUsers()
    [
        {
            "_id" : "admin.administrator",
            "user" : "administrator",
            "db" : "admin",
            "roles" : [
                {
                    "role" : "root",
                    "db" : "admin"
                }
            ],
            "mechanisms" : [
                "SCRAM-SHA-1",
                "SCRAM-SHA-256"
            ]
        }
    ]
    

    I emphasize "admin.administrator", for I have a Mongoid (mongodb ruby adapter) application with a different database than admin and I use the URI to reference the database in my mongoid.yml configuration:

    development:
      clients:
        default:
          uri: <%= ENV['MONGODB_URI'] %>
          options:
            connect_timeout: 15
            retry_writes: false
    

    This references the following environment variable:

    export MONGODB_URI='mongodb://administrator:changeme@127.0.0.1/mysite_development?retryWrites=true&w=majority'
    

    Notice the database is mysite_development, not admin. When I try to run the application, I get an error "User administrator (mechanism: scram256) is not authorized to access mysite_development".

    So I return to the Mongo shell, delete the user, switch to the specified database and recreate the user:

    $ mongo
    > use admin
    > db.dropUser('administrator')
    > db.getUsers()
    []
    > use mysite_development
    > db.createUser({ user: 'administrator', pwd: 'changeme', roles: [ { role: 'root', db: 'admin' }  ] })
    > db.getUsers()
    [
        {
            "_id" : "mysite_development.administrator",
            "user" : "administrator",
            "db" : "mysite_development",
            "roles" : [
                {
                    "role" : "root",
                    "db" : "admin"
                }
            ],
            "mechanisms" : [
                "SCRAM-SHA-1",
                "SCRAM-SHA-256"
            ]
        }
    ]
    

    Notice that the _id and db changed to reference the specific database my application depends on:

    "_id" : "mysite_development.administrator",
    "db" : "mysite_development",
    

    After making this change, the error went away and I was able to connect to MongoDB fine inside my application.

    Extra Notes:

    In my example above, I deleted the user and recreated the user in the right database context. Had you already created the user in the right database context but given it the wrong roles, you could assign a MongoDB built-in role to the user:

    db.grantRolesToUser('administrator', [{ role: 'root', db: 'admin' }])
    

    There is also a db.updateUser command, albeit typically used to update the user password.

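For SCRAM users like the one above, a MongoDB connection string authenticates against the database named in `authSource`, otherwise the database in the URI path, otherwise `admin`, so the URI in this answer looks for `mysite_development.administrator`. As an added example, not the answerer's code, this Node.js script resolves that lookup and compares it with existing user documents; `parseMongoUri`, `diagnose` and the user list are hypothetical names and constructed data.

```javascript
// Added example: which user document does a MongoDB URI authenticate against?
// Plain Node.js, no driver or server needed.

const URI_RE =
  /^mongodb(?:\+srv)?:\/\/(?:([^:@\/]+)(?::([^@\/]*))?@)?([^\/?]+)(?:\/([^?]*))?(?:\?(.*))?$/;

function parseMongoUri(uri) {
  const m = URI_RE.exec(uri);
  if (!m) throw new Error("not a MongoDB connection string");
  const [, user, , hosts, path, query] = m;
  const options = new URLSearchParams(query || "");
  const defaultDb = path ? decodeURIComponent(path) : null;
  // Lookup rule: explicit authSource, else the database in the path, else "admin".
  const authSource = options.get("authSource") || defaultDb || "admin";
  return {
    user: user ? decodeURIComponent(user) : null,
    hosts: hosts.split(","),
    defaultDb,
    authSource,
  };
}

// Compare the URI against user documents collected with db.getUsers() in each db.
function diagnose(uri, users) {
  const p = parseMongoUri(uri);
  if (!p.user) return { ok: false, wanted: null, hint: "URI carries no credentials" };
  const wanted = `${p.authSource}.${p.user}`; // same form as the "_id" field
  if (users.some((u) => u._id === wanted)) return { ok: true, wanted, hint: null };
  const homes = users.filter((u) => u.user === p.user).map((u) => u.db);
  const hint = homes.length
    ? `user lives in "${homes[0]}"; add authSource=${homes[0]} to the URI`
    : "no user with that name exists";
  return { ok: false, wanted, hint };
}

// Constructed sample: the single user created in admin, as in the first listing.
const existingUsers = [
  { _id: "admin.administrator", user: "administrator", db: "admin",
    roles: [{ role: "root", db: "admin" }] },
];
// URI taken from the answer above.
const pageUri =
  "mongodb://administrator:changeme@127.0.0.1/mysite_development?retryWrites=true&w=majority";

console.log(diagnose(pageUri, existingUsers));
console.log(diagnose(pageUri + "&authSource=admin", existingUsers));
```

With `authSource=admin` in the URI, the privileged account can stay in the `admin` database instead of being recreated inside the application database.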