环境说明
[root@192 ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.105 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::605:3bc8:1ed7:63e1 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:52:16:53 txqueuelen 1000 (Ethernet)
RX packets 92217 bytes 121030811 (115.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59484 bytes 4731625 (4.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@192 ~]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
[root@192 ~]# uname -a
Linux 192.168.0.105 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
安装
[root@192 ~]# wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-4.0.3.tgz
[root@192 ~]# mkdir /application ; tar zxf mongodb-linux-x86_64-rhel70-4.0.3.tgz -C /application
[root@192 ~]# cd /application/
[root@192 application]# ln -sv mongodb-linux-x86_64-rhel70-4.0.3/ mongodb
[root@192 application]# mkdir mongodb/{data,logs}
[root@192 application]# vim mongodb/mongodb.conf
bind_ip=0.0.0.0
port=27037
dbpath=/application/mongodb/data/
logpath=/application/mongodb/logs/mongodb.log
pidfilepath =/application/mongodb/mongodb.pid
logappend=true
fork=true #是否以守护进程运行
maxConns=500
noauth = true
#auth = true #初始化关闭用户认证,创建用户后再开启用户认证。
[root@192 application]# /application/mongodb/bin/mongod -f /application/mongodb/mongodb.conf
2023-07-23T22:59:00.513+0800 I CONTROL [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
about to fork child process, waiting until server is ready for connections.
forked process: 2130
child process started successfully, parent exiting
[root@192 application]# netstat -tupln|grep mongo
tcp 0 0 0.0.0.0:27037 0.0.0.0:* LISTEN 2130/mongod
用户设置
[root@192 application]# ./mongodb/bin/mongo --port 27037
MongoDB shell version v4.0.3
connecting to: mongodb://127.0.0.1:27037/
Implicit session: session { "id" : UUID("2380d30b-f756-40c9-be1b-68652f4a3ea3") }
MongoDB server version: 4.0.3
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
Server has startup warnings:
2023-07-23T22:59:01.228+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2023-07-23T22:59:01.228+0800 I CONTROL [initandlisten]
2023-07-23T22:59:01.228+0800 I CONTROL [initandlisten]
2023-07-23T22:59:01.228+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2023-07-23T22:59:01.228+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2023-07-23T22:59:01.228+0800 I CONTROL [initandlisten]
2023-07-23T22:59:01.228+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2023-07-23T22:59:01.228+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2023-07-23T22:59:01.228+0800 I CONTROL [initandlisten]
---
Enable MongoDB's free cloud-based monitoring service, which will then receive and display
metrics about your deployment (disk utilization, CPU, operation statistics, etc).
The monitoring data will be available on a MongoDB website with a unique URL accessible to you
and anyone you share the URL with. MongoDB may use this information to make product
improvements and to suggest MongoDB products and deployment options to you.
To enable free monitoring, run the following command: db.enableFreeMonitoring()
To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---
> use admin
switched to db admin
> db.createUser({ user: "admin", pwd: "123456", roles: [{ role: "root", db: "admin" }] })
Successfully added user: {
"user" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
[root@192 application]# vim mongodb/mongodb.conf
bind_ip=0.0.0.0
port=27037
dbpath=/application/mongodb/data/
logpath=/application/mongodb/logs/mongodb.log
pidfilepath =/application/mongodb/mongodb.pid
logappend=true
fork=true #是否以守护进程运行
maxConns=500
#noauth = true
auth = true #初始化关闭用户认证,创建用户后再开启用户认证。
[root@192 application]# ps -ef|grep mongodb
root 2130 1 1 22:59 ? 00:00:02 /application/mongodb/bin/mongod -f /application/mongodb/mongodb.conf
root 2191 2078 0 23:03 pts/1 00:00:00 grep --color=auto mongodb
[root@192 application]# kill -9 2130
[root@192 application]# /application/mongodb/bin/mongod -f /application/mongodb/mongodb.conf
2023-07-23T23:03:32.378+0800 I CONTROL [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
about to fork child process, waiting until server is ready for connections.
forked process: 2194
child process started successfully, parent exiting
[root@192 application]# ./mongodb/bin/mongo --port 27037
MongoDB shell version v4.0.3
connecting to: mongodb://127.0.0.1:27037/
Implicit session: session { "id" : UUID("a7149e51-e395-447b-900a-ea1fe7accff0") }
MongoDB server version: 4.0.3
> show dbs;
2023-07-23T23:05:31.383+0800 E QUERY [js] Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "command listDatabases requires authentication",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:67:1
shellHelper.show@src/mongo/shell/utils.js:876:19
shellHelper@src/mongo/shell/utils.js:766:15
@(shellhelp2):1:1
> use admin
switched to db admin
> db.auth('admin','123456')
1
> show dbs;
admin 0.000GB
config 0.000GB
local 0.000GB
>
> db.getUsers();
[
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
]
操作
选中库,或创建一个库
> use test
switched to db test
创建集合(表)
> db.createCollection("test")
{ "ok" : 1 }
查看结合
> show tables;
test
插入文档
> db.test.insert({"name":'zhangsan'})
查看文档
> db.test.find()
{ "_id" : ObjectId("64bd575b7f0983bafb06f26f"), "name" : "zhangsan" }
用户管理
创建超级管理员用户
有所有权限
db.createUser(
{
user:"root",
pwd:"pwd",
roles:["root"]
}
)
创建普通管理员用户(两种)
第一种,只能访问admin库,没有其他库的任何权限。
db.createUser(
{ user: "admin001",
pwd: "admin",
roles: [ { role: "userAdmin", db: "admin" } ]
}
)
> db.auth('admin002','admin')
1
> show databases; #返回空的,没有查看数据库权限
第二种,可以查看其他库,只读。
db.createUser(
{ user: "admin002",
pwd: "admin",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
> db.auth('admin002','admin')
1
> show databases;
admin 0.000GB
config 0.000GB
local 0.000GB
test 0.000GB
> use test
switched to db test
> db.test.insert({'name':'wangwu'}) #没有插入数据权限
WriteCommandError({
"ok" : 0,
"errmsg" : "not authorized on test to execute command { insert: \"test\", ordered: true, lsid: { id: UUID(\"70fd42dc-65be-45d2-bdd3-287762758314\") }, $db: \"test\" }",
"code" : 13,
"codeName" : "Unauthorized"
})
创建用户,赋予用户test库的读写权限
db.createUser({
user:"user001",
pwd:"123456",
roles:[
{role:"readWrite",db:"test"}, # read 只读权限
]
})
> db.auth('user001','123456')
1
> show databases;
test 0.000GB #只有test库权限
查看所有用户
> use admin
switched to db admin
> db.auth('admin','123456')
1
> show users;
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
{
"_id" : "admin.admin001",
"user" : "admin001",
"db" : "admin",
"roles" : [
{
"role" : "userAdmin",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
{
"_id" : "admin.admin002",
"user" : "admin002",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
{
"_id" : "admin.user001",
"user" : "user001",
"db" : "admin",
"roles" : [
{
"role" : "readWrite",
"db" : "test"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
修改密码
> use admin
switched to db admin
> db.changeUserPassword('admin','123456')
删除用户
> use admin
switched to db admin
> db.dropUser('admin001')
true
用户登入
> use admin
switched to db admin
> db.auth('root','123456')
浙公网安备 33010602011771号