当前位置:theitroad>MongoDB“root”用户

MongoDB“root”用户

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/20117104/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-09 13:31:03  来源:igfitidea点击:

MongoDB "root" user

mongodbauthenticationmongodb-queryauthorizationroles

提问by No_name

Is there a super UNIX like "root" user for MongoDB? I've been looking at http://docs.mongodb.org/manual/reference/user-privileges/and have tried many combinations, but they all seem to lack in an area or another. Surely there is a role that is above all the ones listed there.

MongoDB 是否有像“root”用户这样的超级 UNIX?我一直在查看http://docs.mongodb.org/manual/reference/user-privileges/并尝试了许多组合,但它们似乎都缺乏某个领域。当然,有一个角色高于此处列出的所有角色。

回答by WiredPrairie

While out of the box, MongoDb has no authentication, you can create the equivalent of a root/superuser by using the "any" roles to a specific user to the admindatabase.

虽然开箱即用,但 MongoDb 没有身份验证,您可以通过对admin数据库的特定用户使用“任何”角色来创建 root/超级用户的等效项。

Something like this:

像这样的东西:

use admin
db.addUser( { user: "<username>",
          pwd: "<password>",
          roles: [ "userAdminAnyDatabase",
                   "dbAdminAnyDatabase",
                   "readWriteAnyDatabase"

] } )

Update for 2.6+

2.6+ 更新

While there is a new rootuser in 2.6, you may find that it doesn't meet your needs, as it still has a few limitations:

虽然2.6 中有一个新的root用户,但您可能会发现它不能满足您的需求,因为它仍然有一些限制:

Provides access to the operations and all the resources of the readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase and clusterAdmin roles combined.

root does not include any access to collections that begin with the system. prefix.

提供对 readWriteAnyDatabase、dbAdminAnyDatabase、userAdminAnyDatabase 和 clusterAdmin 角色组合的操作和所有资源的访问。

root 不包括对以系统开头的集合的任何访问权限。字首。

Update for 3.0+

3.0+ 更新

Use db.createUseras db.addUserwas removed.

db.createUser按原样使用db.addUser

Update for 3.0.7+

3.0.7+ 更新

rootno longer has the limitations stated above.

root不再有上述限制。

The root has the validate privilege action on system. collections. Previously, root does not include any access to collections that begin with the system. prefix other than system.indexes and system.namespaces.

根在系统上具有验证权限操作。集合。以前,root 不包括对以系统开头的集合的任何访问权限。system.indexes 和 system.namespaces 以外的前缀。

回答by JERRY

The best superuser role would be the root.The Syntax is:

最好的超级用户角色是root。语法是:

use admin

db.createUser(
{
    user: "root",
    pwd: "password",
    roles: [ "root" ]
})

For more details look at built-in roles.

有关更多详细信息,请查看内置角色。

Hope this helps !!!

希望这可以帮助 !!!

回答by KARTHIKEYAN.A

Mongodb user management:

Mongodb用户管理:

roles list:

角色列表:

read
readWrite
dbAdmin
userAdmin
clusterAdmin
readAnyDatabase
readWriteAnyDatabase
userAdminAnyDatabase
dbAdminAnyDatabase

create user:

创建用户:

db.createUser(user, writeConcern)

db.createUser({ user: "user",
  pwd: "pass",
  roles: [
    { role: "read", db: "database" } 
  ]
})

update user:

更新用户:

db.updateUser("user",{
  roles: [
    { role: "readWrite", db: "database" } 
  ]
})

drop user:

删除用户:

db.removeUser("user")

or

或者

db.dropUser("user")

view users:

查看用户:

db.getUsers();

more information:https://docs.mongodb.com/manual/reference/security/#read

更多信息:https : //docs.mongodb.com/manual/reference/security/#read

回答by ahyong

There is a Superuser Roles: root, which is a Built-In Roles, may meet your need.

有一个超级用户角色:root,它是一个内置角色,可以满足您的需要。

回答by Donato

I noticed a lot of these answers, use this command:

我注意到很多这些答案,使用这个命令:

use admin

which switches to the admin database. At least in Mongo v4.0.6, creating a user in the context of the admin database will create a user with "_id" : "admin.administrator":

切换到管理数据库。至少在 Mongo v4.0.6 中,在 admin 数据库的上下文中创建用户将创建一个用户"_id" : "admin.administrator"

> use admin
> db.getUsers()
[ ]
> db.createUser({ user: 'administrator', pwd: 'changeme', roles: [ { role: 'root', db: 'admin' }  ] })
> db.getUsers()
[
    {
        "_id" : "admin.administrator",
        "user" : "administrator",
        "db" : "admin",
        "roles" : [
            {
                "role" : "root",
                "db" : "admin"
            }
        ],
        "mechanisms" : [
            "SCRAM-SHA-1",
            "SCRAM-SHA-256"
        ]
    }
]

I emphasize "admin.administrator", for I have a Mongoid (mongodb ruby adapter) application with a different database than admin and I use the URI to reference the database in my mongoid.yml configuration:

我强调"admin.administrator",因为我有一个 Mongoid(mongodb ruby​​ 适配器)应用程序,其数据库与 admin 不同,我使用 URI 来引用我的 mongoid.yml 配置中的数据库:

development:
  clients:
    default:
      uri: <%= ENV['MONGODB_URI'] %>
      options:
        connect_timeout: 15
        retry_writes: false

This references the following environment variable:

这引用了以下环境变量:

export MONGODB_URI='mongodb://administrator:[email protected]/mysite_development?retryWrites=true&w=majority'

Notice the database is mysite_development, not admin. When I try to run the application, I get an error "User administrator (mechanism: scram256) is not authorized to access mysite_development".

请注意,数据库是 mysite_development,而不是 admin。当我尝试运行该应用程序时,出现错误“用户管理员(机制:scram256)无权访问 mysite_development”。

So I return to the Mongo shell delete the user, switch to the specified database and recreate the user:

于是我回到Mongo shell删除用户,切换到指定的数据库,重新创建用户:

$ mongo
> db.dropUser('administrator')
> db.getUsers()
[]
> use mysite_development
> db.createUser({ user: 'administrator', pwd: 'changeme', roles: [ { role: 'root', db: 'admin' }  ] })
> db.getUsers()
[
    {
        "_id" : "mysite_development.administrator",
        "user" : "administrator",
        "db" : "mysite_development",
        "roles" : [
            {
                "role" : "root",
                "db" : "admin"
            }
        ],
        "mechanisms" : [
            "SCRAM-SHA-1",
            "SCRAM-SHA-256"
        ]
    }
]

Notice that the _id and db changed to reference the specific database my application depends on:

请注意,_id 和 db 更改为引用我的应用程序依赖的特定数据库:

"_id" : "mysite_development.administrator",
"db" : "mysite_development",

After making this change, the error went away and I was able to connect to MongoDB fine inside my application.

进行此更改后,错误消失了,我能够在我的应用程序中正常连接到 MongoDB。

Extra Notes:

额外说明:

In my example above, I deleted the user and recreated the user in the right database context. Had you already created the user in the right database context but given it the wrong roles, you could assign a mongodb built-in role to the user:

在上面的示例中,我删除了用户并在正确的数据库上下文中重新创建了用户。如果您已经在正确的数据库上下文中创建了用户,但给了它错误的角色,您可以为用户分配一个 mongodb 内置角色:

db.grantRolesToUser('administrator', [{ role: 'root', db: 'admin' }])

There is also a db.updateUsercommand, albiet typically used to update the user password.

还有一个db.updateUser命令,通常用于更新用户密码。

回答by Lakmal Vithanage

"userAdmin is effectively the superuser role for a specific database. Users with userAdmin can grant themselves all privileges. However, userAdmin does not explicitly authorize a user for any privileges beyond user administration." from the link you posted

“userAdmin 实际上是特定数据库的超级用户角色。具有 userAdmin 的用户可以授予自己所有权限。但是,userAdmin 没有明确授权用户获得用户管理以外的任何权限。” 来自您发布的链接

相关推荐

mongodb Mongoose:深度人口(填充人口稠密的领域)

mongodb Mongoose:深度人口(填充人口稠密的领域)

如何获取 MongoDB 中的所有文档 ID?

如何获取 MongoDB 中的所有文档 ID?

mongodb Mongodb查询特定月份|年份不是日期

mongodb Mongodb查询特定月份|年份不是日期

如何将转储恢复到正在运行的 mongodb

如何将转储恢复到正在运行的 mongodb

相关推荐
最近更新
标签