Disable anonymous access to MongoDB

Note: this page is a Chinese-English parallel translation of a popular Stack Overflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Stack Overflow original: http://stackoverflow.com/questions/22647842/

Time: 2020-09-09 13:38:23  Source: igfitidea

mongodb

Asked by HaBo

I have installed MongoDB on Windows 2012 Server and am running it as a Windows service.

In order to protect it from anonymous log-ins, I followed the steps below to enable authentication and disable anonymous access:

Create the Administrator Credentials and then Enable Authentication

  1. Start the mongod or mongos instance without the auth or keyFile setting.
  2. Create the administrator user as described in Create a User Administrator.
  3. Re-start the mongod or mongos instance with the auth or keyFile setting.

According to the documentation, by running this shell command

db.auth(<username>,<password>)

it should turn on authorization, and restarting the instance should disable anonymous access.

I am not sure what the 3rd step means. I stopped the MongoDB service and restarted it, but I can still do an anonymous log-in to the remote MongoDB.

How can I disable anonymous access to MongoDB?

Update

Executing db.serverCmdLineOpts()

/* 0 */
{
    "argv" : [ 
        "c:\Program Files\mongodb\bin\mongod.exe", 
        "--directoryperdb", 
        "--dbpath", 
        "c:\mongodb\data", 
        "--logpath", 
        "c:\mongodb\log\mongodb_master.log", 
        "--logappend", 
        "--rest", 
        "--service"
    ],
    "parsed" : {
        "dbpath" : "c:\mongodb\data",
        "directoryperdb" : true,
        "logappend" : true,
        "logpath" : "c:\mongodb\log\mongodb_master.log",
        "rest" : true,
        "service" : true
    },
    "ok" : 1
}

This means I don't have an auth key. How can I set an auth key there?

Accepted answer by Stennie

To fully disable anonymous authentication you need to ensure that you:

1) Add an administrative user to the admin database.

Until the first admin user is created, by default there is a localhost bypass that allows you to log in anonymously and set up that first user.

To check you have at least one user in your admin database, run:

db.getSiblingDB('admin').system.users.find()

2) Start your MongoDB server with auth enabled (standalone server) or keyFile enabled (replica set).

The keyFile option implies auth, and is used for internal authentication between replica set nodes.

To check the configuration settings for a running MongoDB instance, you can refer to the output of db.serverCmdLineOpts() in a mongo shell.

If the options have been changed from the default they should show up in the parsed section of the output. That is, one of these should return true:

db.serverCmdLineOpts().parsed.auth
db.serverCmdLineOpts().parsed.keyFile

Answer by deadManN

Enabling authorization in version 2.6+ - it's in yml format:

security:
    authorization: enabled

Extra Information:

Also note: if you are using security config such as key file configuration, the

security:
    authorization: enabled

key is not required, that's why you may see config files without this flag...

Another note: in recent versions, 4.x, you also need to configure the access IP list:

net:
    bindIp: ::,0.0.0.0 #to bind all v4 and v6 ip addresses, or use specific address which your specific host access, recommended for production

or

net:
    bindIpAll: true #to bind all ip addresses
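
The checks from the two answers above (auth or keyFile in the parsed section, at least one user in the admin database, and the YAML security.authorization and bind settings) can be combined into one audit over the db.serverCmdLineOpts() document. This is an added example, not code from the thread; the names auditMongodOptions and adminUserCount and the sample address 10.0.0.5 are assumptions, and it generalizes the check to the nested security/net layout that YAML configs produce.

```javascript
// Added example (not from the thread). Input: the document returned by
// db.serverCmdLineOpts(), plus the number of users in the admin database.
function isOn(v) {
  return v === true || v === "true" || v === "enabled";
}

function auditMongodOptions(opts, adminUserCount) {
  const parsed = (opts && opts.parsed) || {};
  const security = parsed.security || {};
  const net = parsed.net || {};

  // Flat keys (--auth, auth = true, --keyFile) and the YAML-style layout.
  const keyFile = Boolean(parsed.keyFile || security.keyFile);
  const enforced = keyFile || isOn(parsed.auth) || isOn(security.authorization);

  // Only an explicit bind-to-everything is flagged; with no bind setting the
  // default depends on the server version, so it is not judged here.
  // bind_ip is the legacy flat key name (assumed for pre-YAML configs).
  const addrs = String(net.bindIp || parsed.bind_ip || "")
    .split(",").map((s) => s.trim()).filter(Boolean);
  const explicitBindAll = isOn(net.bindIpAll) ||
    addrs.some((a) => a === "0.0.0.0" || a === "::");

  const findings = [];
  if (!enforced) {
    findings.push("access control off: no auth, authorization or keyFile in parsed");
    if (explicitBindAll) findings.push("bound to all addresses without access control");
  } else if (adminUserCount === 0) {
    findings.push("no admin user yet: the localhost bypass still applies");
  }
  return { enforced, keyFile, explicitBindAll, findings };
}

// "parsed" section as posted in the question (no auth, no keyFile).
const fromQuestion = { parsed: { dbpath: "c:\\mongodb\\data", directoryperdb: true,
  logappend: true, rest: true, service: true }, ok: 1 };
// Constructed sample: authorization enabled, bound to specific addresses.
const restricted = { parsed: { security: { authorization: "enabled" },
  net: { bindIp: "127.0.0.1,10.0.0.5" } }, ok: 1 };

console.log(auditMongodOptions(fromQuestion, 0).findings);
console.log(auditMongodOptions(restricted, 1).findings);
```

In a mongo shell the same function can be called as auditMongodOptions(db.serverCmdLineOpts(), db.getSiblingDB('admin').system.users.count()).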

Answer by tsveti_iko

You have to restart the mongod instance with the --auth command line option (run it in the shell):

mongod --auth --port 27017 --dbpath /var/lib/mongodb

Keep in mind that the path to mongodb can be different, so you can check the dbPath value in the mongodb config file:

sudo vi /etc/mongod.conf

Answer by Aaron

I am not sure what 3rd step is meant

Following the documentation to Install MongoDB On Windows...

You should specify two options when running MongoDB as a Windows Service: a path for the log output (i.e. logpath) and a configuration file.

This means that your mongod command (as defined in your Windows service) should look something like this:

c:\mongodb\bin\mongod.exe --config c:\mongodb\mongod.cfg

In your configuration file (whatever it is called, mongod.cfg in my above example) you will want to have a line like this:

auth = true

Try that, and see if it works. If your service definition does not contain the "--config" option, then re-install your service (following the doc I referenced) to add it.
