Authentication

How to start the Mongo daemon with authentication support

  • October 14, 2016

I want to start the MongoDB daemon with authentication support using the Mongo init script:

sudo /etc/init.d/mongod start

I have also added a db user to the database for authentication. I am working with two files: /etc/init.d/mongod (for initialization) and /etc/mongod.conf (for configuration).

#mongod.conf:
dbpath=/var/lib/mongodb
logappend=true
port = 27017 
auth = true

The non-daemon approach starts the process correctly with the --auth flag:

mongod --auth

Forking works, but this does not use the init script:

mongod --fork --auth --logpath /var/log/mongod.log

Having read all the documentation and related posts, it seems nobody has a workable solution for getting authentication support with

service mongod start

Links:

Update: I reinstalled Debian/Mongo and was able to use service mongod start with auth = true in the conf file. I probably broke something during the initial install/configuration.

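I just tested this with a fresh Debian 7 install and a fresh install of MongoDB. I first added a user (adam), then edited the /etc/mongod.conf file to uncomment the auth = true line. I then issued the service mongod restart command and tried to log in as that user, which succeeded. I also tried incorrect credentials, which failed. So authentication seems to work just fine, and there is no obvious problem with using the config file to enable authentication.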

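So, a couple of questions:

  • How are you testing whether authentication is enabled?
  • Do you have more than one line in your config file containing an auth/noauth statement?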

For reference, here is most of my testing, with the feedback from the shell etc.

First, installing and setting up the initial user:

root@deb7:~# apt-get install mongodb-org
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
 mongodb-org-mongos mongodb-org-server mongodb-org-shell mongodb-org-tools
The following NEW packages will be installed:
 mongodb-org mongodb-org-mongos mongodb-org-server mongodb-org-shell
 mongodb-org-tools
0 upgraded, 5 newly installed, 0 to remove and 20 not upgraded.
Need to get 114 MB of archives.
After this operation, 287 MB of additional disk space will be used.
Do you want to continue [Y/n]? 
** SNIP  for brevity** 
Setting up mongodb-org-shell (2.6.1) ...
Setting up mongodb-org-server (2.6.1) ...
Adding system user `mongodb' (UID 104) ...
Adding new user `mongodb' (UID 104) with group `nogroup' ...
Not creating home directory `/home/mongodb'.
Adding group `mongodb' (GID 107) ...
Done.
Adding user `mongodb' to group `mongodb' ...
Adding user mongodb to group mongodb
Done.
[ ok ] Starting database: mongod.
Setting up mongodb-org-mongos (2.6.1) ...
Setting up mongodb-org-tools (2.6.1) ...
Setting up mongodb-org (2.6.1) ...
root@deb7:~# mongo
MongoDB shell version: 2.6.1
connecting to: test
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
   http://docs.mongodb.org/
Questions? Try the support group
   http://groups.google.com/group/mongodb-user
> use admin
switched to db admin
> db.createUser(
...   {
...     user: "adam",
...     pwd: "password123",
...     roles:
...     [
...       {
...         role: "userAdminAnyDatabase",
...         db: "admin"
...       }
...     ]
...   }
... )                           
Successfully added user: {
   "user" : "adam",
   "roles" : [
       {
           "role" : "userAdminAnyDatabase",
           "db" : "admin"
       }
   ]
}

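Next I edited the /etc/mongod.conf file and removed the # that was commenting out auth = true (I made no other changes). I saved the file and then restarted the service. Next, I connected as the user I had added and verified that I had the right privileges: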

root@deb7:~# vim /etc/mongod.conf 
root@deb7:~# service mongod restart
[ ok ] Restarting database: mongod.
root@deb7:~# mongo -u adam -p password123 --authenticationDatabase admin
MongoDB shell version: 2.6.1
connecting to: test
Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }

As you can see, the user I added does not have permission to view the startup warnings, but just to be sure, I checked the privileges:

> use admin
switched to db admin
> db.runCommand(   {     usersInfo:"adam",     showPrivileges:true   } )
{
   "users" : [
       {
           "_id" : "admin.adam",
           "user" : "adam",
           "db" : "admin",
           "roles" : [
               {
                   "role" : "userAdminAnyDatabase",
                   "db" : "admin"
               }
           ],
           "inheritedRoles" : [
               {
                   "role" : "userAdminAnyDatabase",
                   "db" : "admin"
               }
           ],
           "inheritedPrivileges" : [
               {
                   "resource" : {
                       "db" : "",
                       "collection" : ""
                   },
                   "actions" : [
                       "changeCustomData",
                       "changePassword",
                       "createRole",
                       "createUser",
                       "dropRole",
                       "dropUser",
                       "grantRole",
                       "revokeRole",
                       "viewRole",
                       "viewUser"
                   ]
               },
               {
                   "resource" : {
                       "cluster" : true
                   },
                   "actions" : [
                       "authSchemaUpgrade",
                       "invalidateUserCache",
                       "listDatabases"
                   ]
               },
               {
                   "resource" : {
                       "db" : "",
                       "collection" : "system.users"
                   },
                   "actions" : [
                       "collStats",
                       "dbHash",
                       "dbStats",
                       "find",
                       "killCursors",
                       "planCacheRead"
                   ]
               },
               {
                   "resource" : {
                       "db" : "admin",
                       "collection" : "system.users"
                   },
                   "actions" : [
                       "collStats",
                       "dbHash",
                       "dbStats",
                       "find",
                       "killCursors",
                       "planCacheRead"
                   ]
               },
               {
                   "resource" : {
                       "db" : "admin",
                       "collection" : "system.roles"
                   },
                   "actions" : [
                       "collStats",
                       "dbHash",
                       "dbStats",
                       "find",
                       "killCursors",
                       "planCacheRead"
                   ]
               },
               {
                   "resource" : {
                       "db" : "admin",
                       "collection" : "system.version"
                   },
                   "actions" : [
                       "collStats",
                       "dbHash",
                       "dbStats",
                       "find",
                       "killCursors",
                       "planCacheRead"
                   ]
               },
               {
                   "resource" : {
                       "db" : "admin",
                       "collection" : "system.new_users"
                   },
                   "actions" : [
                       "collStats",
                       "dbHash",
                       "dbStats",
                       "find",
                       "killCursors",
                       "planCacheRead"
                   ]
               },
               {
                   "resource" : {
                       "db" : "admin",
                       "collection" : "system.backup_users"
                   },
                   "actions" : [
                       "collStats",
                       "dbHash",
                       "dbStats",
                       "find",
                       "killCursors",
                       "planCacheRead"
                   ]
               }
           ]
       }
   ],
   "ok" : 1
}                                        

For completeness, here is an authentication failure:

root@deb7:~# mongo -u root -p 12345678 --authenticationDatabase admin
MongoDB shell version: 2.6.1
connecting to: test
2014-05-11T18:04:39.793+0100 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1210
exception: login failed   

Quoted from: https://serverfault.com/questions/594350
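
The answer's second question (whether the config file holds more than one auth/noauth line) can be checked mechanically. The script below is an added example, not part of the original question or answer; it assumes the legacy key = value format of /etc/mongod.conf shown in the question and that text after # is a comment. The function names auth_lines and auth_status and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a legacy-format (key = value) mongod.conf for auth settings.

# Print every active (not commented out) auth/noauth line as "<lineno>:<key>=<value>".
auth_lines() {
    awk '{
        line = $0
        sub(/#.*/, "", line)               # assumption: "#" starts a comment
        if (split(line, kv, "=") < 2) next # not a key = value line
        key = kv[1]; val = kv[2]
        gsub(/[ \t\r]/, "", key)           # tolerate "auth = true" and "auth=true"
        gsub(/[ \t\r]/, "", val)
        if (key == "auth" || key == "noauth")
            printf "%d:%s=%s\n", NR, key, tolower(val)
    }' "$1"
}

# Classify the file:
#   enabled  - exactly one active line and it is auth=true
#   conflict - more than one active auth/noauth line (the case the answer asks about)
#   unset    - no active auth/noauth line (e.g. auth = true is still commented out)
#   review   - a single line that is not auth=true; inspect it by hand
auth_status() {
    lines=$(auth_lines "$1")
    if [ -z "$lines" ]; then echo unset; return 0; fi
    count=$(printf '%s\n' "$lines" | wc -l | tr -d ' ')
    if [ "$count" -gt 1 ]; then echo conflict; return 0; fi
    case "$lines" in
        *:auth=true) echo enabled ;;
        *)           echo review ;;
    esac
}

# Constructed sample: the question's config plus a stray noauth line.
sample=$(mktemp)
printf 'dbpath=/var/lib/mongodb\nauth = true\n#auth = true\nnoauth = true\n' > "$sample"
auth_lines "$sample"
echo "status: $(auth_status "$sample")"
rm -f "$sample"
```

On a real host, run auth_status /etc/mongod.conf before restarting the service, then confirm the result the way the answer does: a login with wrong credentials must fail.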