
MongoDB: adding users and authentication

2016-04-04 00:00
#### MongoDB version
$ mongod --version

db version v3.0.7
git version: nogitversion

#### Add the admin user

use admin

switched to db admin


db.createUser({user:'admin',pwd:'password123',roles:[{role:'root',db:'admin'}]})

Successfully added user: {
"user" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}

#### Enable auth

systemLog:
  destination: file
  path: /usr/local/var/log/mongodb/mongo.log
  logAppend: true
storage:
  dbPath: /usr/local/var/mongodb
net:
  bindIp: 127.0.0.1
# Add the following lines
security:
  authorization: enabled
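
A check to run on the config file before restarting, as an added example that is not part of the original post: it parses the nested `key: value` layout shown above and reports when `security.authorization` is not `enabled` or `net.bindIp` lists a non-loopback address. The function names and the `BEFORE`/`AFTER` samples are constructed for illustration.

```python
# Added example: audit a mongod.conf for the two settings this page relies on.
# Assumption: only the nested "key: value" YAML subset used above (no lists).
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_conf(text):
    """Turn indented 'key: value' lines into nested dicts."""
    root = {}
    stack = [(-1, root)]                      # (indent, mapping) of open sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing space
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = (p.strip() for p in line.strip().partition(":"))
        while stack[-1][0] >= indent:         # close the sections we have left
            stack.pop()
        parent = stack[-1][1]
        if value:
            parent[key] = value.strip("\"'")
        else:                                 # "section:" opens a nested mapping
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root

def setting(conf, section, key):
    """Return section.key as a string, or '' when missing or not a scalar."""
    sec = conf.get(section)
    value = sec.get(key) if isinstance(sec, dict) else None
    return value if isinstance(value, str) else ""

def audit(text):
    """Return a list of findings; an empty list means both checks passed."""
    conf = parse_conf(text)
    findings = []
    if setting(conf, "security", "authorization") != "enabled":
        findings.append("security.authorization is not 'enabled'")
    addrs = {a.strip() for a in setting(conf, "net", "bindIp").split(",") if a.strip()}
    exposed = sorted(addrs - LOOPBACK)
    if not addrs:
        findings.append("net.bindIp is not set")
    elif exposed:
        findings.append("net.bindIp includes non-loopback: " + ", ".join(exposed))
    return findings

# Constructed samples: the page's config before and after adding "security".
BEFORE = "storage:\n  dbPath: /usr/local/var/mongodb\nnet:\n  bindIp: 127.0.0.1\n"
AFTER = BEFORE + "security:\n  authorization: enabled\n"
if __name__ == "__main__":
    print("before:", audit(BEFORE), "after:", audit(AFTER))
```

Because the parser is indentation-sensitive, a `security:` section whose `authorization` line has lost its indentation is reported as not enabled.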

#### Restart MongoDB
$ mongod -f /usr/local/etc/mongod.conf

#### Log in as the admin user
> use admin

switched to db admin

> db.auth({user:'admin',pwd:'password123'})

1

> use db1
switched to db db1

> db.table1.find()

{ "_id" : ObjectId("57010327d2aad932b6e8d843"), "name" : "gongjun1", "age" : 26 }
{ "_id" : ObjectId("57010785d2aad932b6e8d845"), "name" : "hello", "age" : 123 }
{ "_id" : ObjectId("5701078cd2aad932b6e8d846"), "name" : "world", "age" : 12 }
{ "_id" : ObjectId("57010796d2aad932b6e8d847"), "name" : "jia", "age" : 45 }
{ "_id" : ObjectId("5701079fd2aad932b6e8d848"), "name" : "yi", "age" : 32 }
{ "_id" : ObjectId("570107d4d2aad932b6e8d849"), "name" : "jia", "age" : 45 }
{ "_id" : ObjectId("57010b3ed2aad932b6e8d84a"), "name" : "jia", "age" : "65" }

#### Create a read-only user
After logging in as read-user, you can only run queries against db1.

db.createUser({user:'read-user',pwd:'123456',roles:[{role:'read',db:'db1'}]})
Successfully added user: {
"user" : "read-user",
"roles" : [
{
"role" : "read",
"db" : "db1"
}
]
}

> db.auth({user:'read-user',pwd:'123456'})

1

> show dbs

2016-04-04T11:22:56.549+0800 E QUERY    Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
"code" : 13
}
at Error (<anonymous>)
at Mongo.getDBs (src/mongo/shell/mongo.js:47:15)
at shellHelper.show (src/mongo/shell/utils.js:630:33)
at shellHelper (src/mongo/shell/utils.js:524:36)
at (shellhelp2):1:1 at src/mongo/shell/mongo.js:47

> use db1
switched to db db1

> show tables

system.indexes
table1

> db.table1.find()

{ "_id" : ObjectId("57010327d2aad932b6e8d843"), "name" : "gongjun1", "age" : 26 }
{ "_id" : ObjectId("57010785d2aad932b6e8d845"), "name" : "hello", "age" : 123 }
{ "_id" : ObjectId("5701078cd2aad932b6e8d846"), "name" : "world", "age" : 12 }
{ "_id" : ObjectId("57010796d2aad932b6e8d847"), "name" : "jia", "age" : 45 }
{ "_id" : ObjectId("5701079fd2aad932b6e8d848"), "name" : "yi", "age" : 32 }
{ "_id" : ObjectId("570107d4d2aad932b6e8d849"), "name" : "jia", "age" : 45 }
{ "_id" : ObjectId("57010b3ed2aad932b6e8d84a"), "name" : "jia", "age" : "65" }

> db.table1.insert({"name" : "yi", "age" : 32 }) // the insert fails with an error

WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on db1 to execute command { insert: \"table1\", documents: [ { _id: ObjectId('5701df5736ebd2a019bfb3f2'), name: \"yi\", age: 32.0 } ], ordered: true }"
}
})

> use local

switched to db local

> db.startup_log.find() // a query in the local database fails with an error

Error: error: { "$err" : "not authorized for query on local.startup_log", "code" : 13 }