Users & Roles
================
There are a number of predefined roles:
root - All powerful. Use with caution.
userAdminAnyDatabase - Can create users and assign roles on any database. Use with caution.
userAdmin - Can only create users and assign roles in a specific database.
read - Read collections in a specific database.
readWrite - Read from and write to a specific database.
To list the users of the current database together with their roles:
> db.getUsers()
or
> db.system.users.find()
STEP - 1
========
Add Users Before Enabling Access Control
Create Admin User :: -
The first thing to do is create an admin user. Open the mongo shell and
connect to the `admin' database.
The first user should be an admin user that can manage the database:
create a user and assign it the role userAdminAnyDatabase.
use admin
var user = {
    "user" : "root",
    "pwd" : "toor",
    roles : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
}
db.createUser(user);
How to check whether the user was created?
-----------------------------------
> db.getUsers()
[
    {
        "_id" : "admin.root",
        "user" : "root",
        "db" : "admin",
        "roles" : [
            {
                "role" : "userAdminAnyDatabase",
                "db" : "admin"
            }
        ]
    }
]
STEP - 2
========
Enabling Access Control ::
In /etc/mongod.conf add:
security:
  authorization: enabled
After updating the config file, restart the mongod instance so the setting takes effect.
STEP - 3
========
From here on, a username and password are required to access the database.
If you connect without a user and password, you will see errors like these:
> show databases;
2016-06-05T08:05:22.960+0530 E QUERY    [thread1] Error: listDatabases failed:{
    "ok" : 0,
    "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
    "code" : 13
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:62:1
shellHelper.show@src/mongo/shell/utils.js:760:19
shellHelper@src/mongo/shell/utils.js:650:15
@(shellhelp2):1:1
>
Connect with the credentials instead:
$ mongo admin -u root -p
MongoDB shell version: 3.2.5
Enter password:
connecting to: admin
>
STEP - 4
========
Let's create an application user with read/write access.
Before creating the application user, switch to the particular database it will use:
> use hermes;
var user = {
    "user" : "appuser",
    "pwd" : "app123",
    roles : [
        {
            "role" : "readWrite",
            "db" : "hermes"
        }
    ]
}
db.createUser(user);
Let's verify:
> db.getUsers()
[
    {
        "_id" : "hermes.appuser",
        "user" : "appuser",
        "db" : "hermes",
        "roles" : [
            {
                "role" : "readWrite",
                "db" : "hermes"
            }
        ]
    }
]
>
STEP - 5
========
Let's create a read-only user that can read any database.
$ mongo admin -u admin -p
var user = {
    "user" : "reporting",
    "pwd" : "abc123",
    roles : [
        {
            "role" : "readAnyDatabase",
            "db" : "admin"
        }
    ]
}
db.createUser(user);
exit
If you log in as this user and try to insert, update or delete a document, you will receive an exception:
> db.products.insert({ "title" : "MongoDB in Action" });
WriteResult({
    "writeError" : {
        "code" : 13,
        "errmsg" : "not authorized on hermes to execute command { insert: \"products\", documents: [ { _id: ObjectId('5753d9af680d6e283c83138f'), title: \"MongoDB in Action\" } ], ordered: true }"
    }
})
>
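As an added example (not part of the original notes), a small Node.js script that audits the array returned by db.getUsers() for cluster-wide roles and for roles granted on a database other than the one the user authenticates against. The sample input mirrors the three users created above; the "legacy" account is constructed for the demonstration.

```javascript
'use strict';

// Roles the notes flag "use with caution", plus the *AnyDatabase family,
// all of which reach across every database on the instance.
const CLUSTER_WIDE = new Set([
  'root', 'userAdminAnyDatabase', 'readAnyDatabase',
  'readWriteAnyDatabase', 'dbAdminAnyDatabase',
]);

// Walk the array returned by db.getUsers() and return one finding per
// questionable grant. An empty array means nothing stood out.
function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    if (u.roles.length === 0) {
      findings.push({ user: u._id, role: null, reason: 'no roles assigned' });
    }
    for (const r of u.roles) {
      if (CLUSTER_WIDE.has(r.role)) {
        findings.push({ user: u._id, role: r.role, reason: 'cluster-wide role' });
      } else if (r.db !== u.db) {
        // An app user authenticating against one database but holding a
        // role on another is the usual sign of privilege sprawl.
        findings.push({ user: u._id, role: r.role, reason: 'role on foreign db ' + r.db });
      }
    }
  }
  return findings;
}

// Constructed sample: the three users from the notes above plus one
// mis-scoped account ("legacy") invented for the demonstration.
const SAMPLE_USERS = [
  { _id: 'admin.root', user: 'root', db: 'admin',
    roles: [{ role: 'userAdminAnyDatabase', db: 'admin' }] },
  { _id: 'hermes.appuser', user: 'appuser', db: 'hermes',
    roles: [{ role: 'readWrite', db: 'hermes' }] },
  { _id: 'admin.reporting', user: 'reporting', db: 'admin',
    roles: [{ role: 'readAnyDatabase', db: 'admin' }] },
  { _id: 'hermes.legacy', user: 'legacy', db: 'hermes',
    roles: [{ role: 'readWrite', db: 'billing' }] },
];

if (typeof require !== 'undefined' && require.main === module) {
  console.table(auditUsers(SAMPLE_USERS));
}
```

Against a live instance, paste the output of `db.getUsers()` from each database into the array in place of the sample.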
How to update the user role:
=============================
use admin
db.updateUser( "admin",
    {
        roles : [
            { role : "root", db : "admin" }
        ]
    }
)
Note that passing roles to db.updateUser() replaces the user's entire roles array; to add a role while keeping the existing ones, use db.grantRolesToUser() instead.
Enforce keyfile access control
===================================
cd /var/lib/mongo
openssl rand -base64 755 > dv_mongo.key
chmod 400 dv_mongo.key
chown mongod: dv_mongo.key
Then in /etc/mongod.conf:
security:
  authorization: enabled
  keyFile: /var/lib/mongo/dv_mongo.key
NOTE :: copy the dv_mongo.key file to all slave machines; every member of the replica set must use the same keyfile with the same restrictive permissions, otherwise that member cannot authenticate to the others.