Authentication
How to start the Mongo daemon with authentication support
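I want to start the MongoDB daemon with authentication support using the Mongo init script:
    sudo /etc/init.d/mongod start
I have also added db users to the database to authenticate with. I am working with two files: /etc/init.d/mongod (for init) and /etc/mongod.conf (for configuration).
    #mongod.conf:
    dbpath=/var/lib/mongodb
    logappend=true
    port = 27017
    auth = true
The non-daemon approach starts the process correctly with the --auth flag:
    mongod --auth
Forking works, but this does not use the init script:
    mongod --fork --auth --logpath /var/log/mongod.log
Having read all the documentation and related posts, it seems no one has a working solution for getting authentication support with service mongod start.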
Links:
- Strange behavior with init script start process
- http://docs.mongodb.org/manual/administration/configuration/
- Setting up mongodb via upstart - how to pass options?
Update: I reinstalled Debian/Mongo and was able to use service mongod start with auth = true in the conf file.
I probably broke something during the initial installation/configuration.
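I just tested this using a fresh Debian 7 install and a fresh install of MongoDB. I first added a user (adam), then edited the /etc/mongod.conf file to uncomment the auth = true line. I then issued a service mongod restart command and tried to log in as the user, and succeeded - I also tried incorrect credentials and failed. So authentication seems to be working just fine, with no apparent issues using the config file to specify that authentication be enabled. So, a couple of questions: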
- How are you testing whether authentication is enabled?
- Do you have more than one line in your config file containing an auth/noauth statement?
For reference, here is most of my testing, with the feedback from the shell etc.
First, the install and setting up the initial user:
    root@deb7:~# apt-get install mongodb-org
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
      mongodb-org-mongos mongodb-org-server mongodb-org-shell mongodb-org-tools
    The following NEW packages will be installed:
      mongodb-org mongodb-org-mongos mongodb-org-server mongodb-org-shell mongodb-org-tools
    0 upgraded, 5 newly installed, 0 to remove and 20 not upgraded.
    Need to get 114 MB of archives.
    After this operation, 287 MB of additional disk space will be used.
    Do you want to continue [Y/n]?
    ** SNIP for brevity**
    Setting up mongodb-org-shell (2.6.1) ...
    Setting up mongodb-org-server (2.6.1) ...
    Adding system user `mongodb' (UID 104) ...
    Adding new user `mongodb' (UID 104) with group `nogroup' ...
    Not creating home directory `/home/mongodb'.
    Adding group `mongodb' (GID 107) ...
    Done.
    Adding user `mongodb' to group `mongodb' ...
    Adding user mongodb to group mongodb
    Done.
    [ ok ] Starting database: mongod.
    Setting up mongodb-org-mongos (2.6.1) ...
    Setting up mongodb-org-tools (2.6.1) ...
    Setting up mongodb-org (2.6.1) ...
    root@deb7:~# mongo
    MongoDB shell version: 2.6.1
    connecting to: test
    Welcome to the MongoDB shell.
    For interactive help, type "help".
    For more comprehensive documentation, see
        http://docs.mongodb.org/
    Questions? Try the support group
        http://groups.google.com/group/mongodb-user
    > use admin
    switched to db admin
    > db.createUser(
    ... {
    ... user: "adam",
    ... pwd: "password123",
    ... roles:
    ... [
    ... {
    ... role: "userAdminAnyDatabase",
    ... db: "admin"
    ... }
    ... ]
    ... }
    ... )
    Successfully added user: {
        "user" : "adam",
        "roles" : [
            {
                "role" : "userAdminAnyDatabase",
                "db" : "admin"
            }
        ]
    }
Next, I edited the /etc/mongod.conf file and removed the # that was commenting out auth = true (I made no other changes). I saved the file and then restarted the service. Next, I connected as the user I added and verified that I had the correct privileges:
    root@deb7:~# vim /etc/mongod.conf
    root@deb7:~# service mongod restart
    [ ok ] Restarting database: mongod.
    root@deb7:~# mongo -u adam -p password123 --authenticationDatabase admin
    MongoDB shell version: 2.6.1
    connecting to: test
    Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }
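As you can see, the user I added does not have the privileges to view the startup warnings, but just to be sure, I checked the permissions: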
    > use admin
    switched to db admin
    > db.runCommand( { usersInfo:"adam", showPrivileges:true } )
    {
        "users" : [
            {
                "_id" : "admin.adam",
                "user" : "adam",
                "db" : "admin",
                "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ],
                "inheritedRoles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ],
                "inheritedPrivileges" : [
                    {
                        "resource" : { "db" : "", "collection" : "" },
                        "actions" : [ "changeCustomData", "changePassword", "createRole", "createUser", "dropRole", "dropUser", "grantRole", "revokeRole", "viewRole", "viewUser" ]
                    },
                    {
                        "resource" : { "cluster" : true },
                        "actions" : [ "authSchemaUpgrade", "invalidateUserCache", "listDatabases" ]
                    },
                    {
                        "resource" : { "db" : "", "collection" : "system.users" },
                        "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ]
                    },
                    {
                        "resource" : { "db" : "admin", "collection" : "system.users" },
                        "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ]
                    },
                    {
                        "resource" : { "db" : "admin", "collection" : "system.roles" },
                        "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ]
                    },
                    {
                        "resource" : { "db" : "admin", "collection" : "system.version" },
                        "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ]
                    },
                    {
                        "resource" : { "db" : "admin", "collection" : "system.new_users" },
                        "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ]
                    },
                    {
                        "resource" : { "db" : "admin", "collection" : "system.backup_users" },
                        "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ]
                    }
                ]
            }
        ],
        "ok" : 1
    }
For completeness, here is an authentication failure:
    root@deb7:~# mongo -u root -p 12345678 --authenticationDatabase admin
    MongoDB shell version: 2.6.1
    connecting to: test
    2014-05-11T18:04:39.793+0100 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1210
    exception: login failed
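The answer's second question, whether the config file contains more than one auth/noauth line, can be checked mechanically. The script below is an added example, not part of the original question or answer: it lists every active auth/noauth line in a legacy `key = value` mongod.conf and classifies the file. The function names `auth_lines` and `auth_state` are hypothetical, the sample config is constructed, and the classification is the script's own conservative reading rather than mongod's parser.

```shell
#!/bin/sh
# Added example: audit a legacy "key = value" mongod.conf for auth settings.
# auth_lines / auth_state are hypothetical helper names, not MongoDB tooling.

# Print each active (uncommented) auth/noauth line as "lineno:key=value".
auth_lines() {
    awk '{
        line = $0
        sub(/#.*/, "", line)              # drop comments, whole-line or trailing
        if (split(line, kv, "=") < 2) next
        key = kv[1]; val = kv[2]
        gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
        if (key == "auth" || key == "noauth")
            printf "%d:%s=%s\n", NR, key, tolower(val)
    }' "$1"
}

# Classify the file. This is the script's own conservative reading, not
# mongod's parser: only a single active "auth = true" counts as enabled.
auth_state() {
    lines=$(auth_lines "$1")
    if [ -z "$lines" ]; then echo unset; return; fi
    if [ "$(printf '%s\n' "$lines" | grep -c '')" -gt 1 ]; then
        echo conflict; return
    fi
    case "${lines#*:}" in
        auth=true) echo enabled ;;
        *)         echo disabled ;;
    esac
}

# Constructed sample: the question's config with a stray noauth line added.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#mongod.conf:
dbpath=/var/lib/mongodb
logappend=true
port = 27017
noauth = true
auth = true
EOF
auth_lines "$sample"
echo "state: $(auth_state "$sample")"
rm -f "$sample"
```

A `conflict` or `unset` result on /etc/mongod.conf is worth resolving before restarting the service and repeating the login tests shown in the answer.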