将用户添加到新的/另一个 mongo 数据库需要什么 MongoDB 用户权限?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20525103/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
What MongoDB user privileges do I need to add a user to a new/another mongo database?
提问by Gabriel Petrovay
I have enabled authentication in the MongoDB config file after adding one admin user with the following privileges: userAdminand userAdminAnyDatabase.
添加一个具有以下权限的管理员用户后,我在 MongoDB 配置文件中启用了身份验证:userAdmin和userAdminAnyDatabase.
Now I connect with this user to the db where this admin user is defined (otherwise I get exception: login failed).
现在,我将此用户连接到定义此管理员用户的数据库(否则我会得到exception: login failed)。
After I have successfully connected I want to add the a new user to a new database. For that I am trying:
成功连接后,我想将新用户添加到新数据库。为此,我正在尝试:
use another
db.addUser(...)
but I get an error:
但我收到一个错误:
Wed Dec 11 17:45:18.277 couldn't add user: not authorized for insert on app.system.users at src/mongo/shell/db.js:128
How can I create a new database and add a first user to it?
如何创建新数据库并向其中添加第一个用户?
Detailed(all users have 1234 as password in this example)
详细(本例中所有用户的密码均为 1234)
$ mongo mono -u admin_all -p 1234
MongoDB shell version: 2.4.6
connecting to: mono
> db.system.users.find()
{ "_id" : ObjectId("52a9831de41eb640bb0f5f64"), "user" : "admin_all", "pwd" : "a6316ed4886c10663cce46bc216ea375", "roles" : [ "userAdmin", "userAdminAnyDatabase" ] }
{ "_id" : ObjectId("52a98404ef1f9bc934b62e11"), "user" : "admin_one", "pwd" : "884f516cf308a4c6a75bbc5a0a00807b", "roles" : [ "userAdmin" ] }
{ "_id" : ObjectId("52a98415ef1f9bc934b62e12"), "user" : "admin_any", "pwd" : "1616611df9b47c58b607054d384cab99", "roles" : [ "userAdminAnyDatabase" ] }
> use another
switched to db another
> db.addUser({ user: "user", pwd: "1234", roles: ["read"] })
{
"user" : "user",
"pwd" : "461d4f349d8d4ec3d22a4c945010c330",
"roles" : [
"read"
],
"_id" : ObjectId("52a985372fcdbfd033003a7e")
}
Thu Dec 12 10:43:19.091 couldn't add user: not authorized for insert on another.system.users at src/mongo/shell/db.js:128
回答by Gabriel Petrovay
The mistake made was that I was using an userAdminAnyDatabaseuser that was NOTin the admindatabase (see this note). So there MUSTbe a database called adminon your server! As the documentation says for the "AnyDatabase" privileges:
犯的错误是,我使用userAdminAnyDatabase的是用户是不是在管理数据库(见本说明)。因此,您的服务器上必须有一个名为admin的数据库!正如文档所说的“AnyDatabase”权限:
If you add any of these roles to a user privilege document outside of the admin database, the privilege will have no effect.
如果您将这些角色中的任何一个添加到 admin 数据库之外的用户权限文档,则该权限将不起作用。
So you must:
所以你必须:
add a
userAdminAnyDatabaseto theadmindb$ mongo admin > db.createUser({ user: "myadmin", pwd: "1234", roles: ["userAdminAnyDatabase"] })turn on authentication
auth = true setParameter = enableLocalhostAuthBypass=0connect using the new
myadminuser to any database you want and add further users:$ mongo another -u myadmin -p 1234 > db.createUser({ user: "user", pwd: "1234", roles: ["readWrite"] })or
> use another > db.createUser({ user: "user", pwd: "1234", roles: ["readWrite"] })
添加一个
userAdminAnyDatabase到admin数据库$ mongo admin > db.createUser({ user: "myadmin", pwd: "1234", roles: ["userAdminAnyDatabase"] })开启身份验证
auth = true setParameter = enableLocalhostAuthBypass=0使用新
myadmin用户连接到您想要的任何数据库并添加更多用户:$ mongo another -u myadmin -p 1234 > db.createUser({ user: "user", pwd: "1234", roles: ["readWrite"] })或者
> use another > db.createUser({ user: "user", pwd: "1234", roles: ["readWrite"] })
回答by gil.fernandes
This is what worked for me for creating a user prodwho connects to database prodassuming I had an admin user (called admin) already in the MongoDB:
假设我在 MongoDB 中已经有一个管理员用户(称为),这对我创建一个prod连接到数据库prod的用户admin有用:
> mongo admin --username root --password <pwd>
> use prod
> db.createUser(
{
user: "prod",
pwd: "<pwd>",
roles: [ { role: "dbOwner", db: "prod" } ]
}
)
> exit
After this you can login with the new user prodlike this:
在此之后,您可以prod像这样使用新用户登录:
> mongo prod --username prod --password <pwd>
