database 在 mongo 中创建超级用户
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22638258/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Create Superuser in mongo
提问by Simo
I'm trying to create a user in mongo who can do anything in any db.
我正在尝试在 mongo 中创建一个可以在任何数据库中执行任何操作的用户。
According to the guide I created a new admin: http://docs.mongodb.org/manual/tutorial/add-user-administrator
根据指南,我创建了一个新管理员:http: //docs.mongodb.org/manual/tutorial/add-user-administrator
This is the code:
这是代码:
use admin
db.addUser( { user: "try1",
pwd: "hello,
roles: [ "userAdminAnyDatabase" ] } )
Then I stopped mongo, enabled the auth and restarted mongo.
然后我停止了 mongo,启用了身份验证并重新启动了 mongo。
Then I tried to create a database with his user.
然后我试图用他的用户创建一个数据库。
According with this guide: http://www.mkyong.com/mongodb/how-to-create-database-or-collection-in-mongodb/
根据本指南:http: //www.mkyong.com/mongodb/how-to-create-database-or-collection-in-mongodb/
use fragola
db.users.save( {username:"fragolino"} )
And I get this: "not authorized for insert on fragola.users"
我得到了这个:“未授权在 fragola.users 上插入”
Anyone can help me?
任何人都可以帮助我吗?
回答by vijay
from docs.mongodb.org-superuser-roles
来自 docs.mongodb.org-superuser-roles
Lets write answer that looks simple & also simple to implement
让我们编写看起来简单且易于实现的答案
Steps :
脚步 :
1 : sudo apt-get install mongodb-org- in new terminal
1 : sudo apt-get install mongodb-org-在新的终端
2 : sudo mongod --port 27017 --dbpath /var/lib/mongodb
2 : sudo mongod --port 27017 --dbpath /var/lib/mongodb
3 : mongo --port 27017- in new terminal
3 : mongo --port 27017- 在新航站楼
4 : use admin
4 : use admin
5 : As @drmirror said a user should have all 4roles to be superuser
5:正如@drmirror 所说,一个用户应该拥有所有4 个角色才能成为超级用户
For Mongo Version 2.
对于 Mongo 版本 2。
db.createUser(
{
user: "tom",
pwd: "jerry",
roles: [
{ role: "userAdminAnyDatabase", db: "admin" },
{ role: "readWriteAnyDatabase", db: "admin" },
{ role: "dbAdminAnyDatabase", db: "admin" },
{ role: "clusterAdmin", db: "admin" }
]
})
For Mongo Version 3.
对于 Mongo 版本 3。
db.createUser(
{
user: "tom",
pwd: "jerry",
roles:["root"]
})
6 : sudo /etc/init.d/mongod stopOR sudo service mongod stop- in new terminal
6 : sudo /etc/init.d/mongod stopOR sudo service mongod stop-在新终端
7 : sudo /etc/init.d/mongod startOR sudo service mongod start
7:sudo /etc/init.d/mongod start或sudo service mongod start
8 : restart your pc
8 : restart your pc
9 : sudo mongod --auth --port 27017 --dbpath /var/lib/mongodb- in new terminal
9 : sudo mongod --auth --port 27017 --dbpath /var/lib/mongodb- 在新的终端
10: mongo --port 27017 -u "tom" -p "jerry" --authenticationDatabase "admin"- in new terminal
10:mongo --port 27017 -u "tom" -p "jerry" --authenticationDatabase "admin"- 在新的终端
Note: step 10 is most important step .
注意:第 10 步是最重要的一步。
it will give Output on terminal like
它会在终端上提供输出,如
MongoDB shell version: 2.6.11
connecting to: 127.0.0.1:27017/test
>
回答by drmirror
The role userAdminAnyDatabasegives the user the ability to create users and assign arbitrary roles to them. Because of this, that user has the power to do anything on the database, because he can give anybody any permission (including himself).
角色userAdminAnyDatabase使用户能够创建用户并为其分配任意角色。因此,该用户有权对数据库执行任何操作,因为他可以授予任何人任何权限(包括他自己)。
However, the userAdminAnyDatabaserole by itself doesn't allow the user to do anything else besides assigning arbitrary rights to arbitrary users. To actually do something on the database, that user needs to have the following additional roles:
但是,userAdminAnyDatabase除了为任意用户分配任意权限之外,角色本身不允许用户执行任何其他操作。要在数据库上实际执行某些操作,该用户需要具有以下附加角色:
readWriteAnyDatabase
dbAdminAnyDatabase
clusterAdmin
A user who has the above three rights anduserAdminAnyDatabaseis a true super-user and can do anything.
谁拥有上述三种权限的用户,并userAdminAnyDatabase是一个真正的超级用户,可以做任何事情。
