MongoDB List of articles

• In the history of the most complete MongoDB First knowledge of
• In the history of the most complete MongoDB Deployment of
• In the history of the most complete MongoDB And Mongo Shell Use
• In the history of the most complete MongoDB Safety certification

If this article is helpful to your development path , Please give me a compliment , Your support is my motivation to stick to blogging
Scan the QR code at the bottom of the article to get the e-book and the latest interview materials

Preface

This series of courses will take you in the form of face-to-face test questions Go deep into distributed topics MongoDB. This article takes you in depth MongoDB Safety certification

MongoDB Introduction to user permissions of

• MongoDB 2.4 Support RABC Model , Using role-based access control (Role-Based Access Control,RBAC) To manage user access to instances

RBAC( Role-based access control )： English name Role-Based Access Control

MongoDB role

MongoDB jurisdiction

MongoDB Suggestions for user permissions

• By default ,MongoDB The server does not start the user Access right , Client connection MongoDB The server does not need security authentication , It can be operated at will, which has great risks
• Production environment Turn on Safety Certification , Start from the command line and add --auth, Or profile (mongod.conf) add auth=true
• It is recommended to modify the default port in the production environment （27017）
• MongoDB It should be deployed in the Intranet environment ,bind_ip Parameters （ The default is localhost）, According to client ip modify , Format ：bind_ip=1.1.1.1,2.2.2.2, prohibit bind_ip Use 0.0.0.0 or bind_ip_all Set to true
• The client operates the database , Should use the dbOwner（ Database management role ） Account operation of , The administrator role is prohibited (/ Account with high permission ) Operating the database

Operate user role commands

show roles View the role list command

Concept

View role list

Command application

> show roles
{
    
	"role" : "dbAdmin",
	"db" : "test",
	"isBuiltin" : true,
	"roles" : [ ],
	"inheritedRoles" : [ ]
}
{
    
	"role" : "dbOwner",
	"db" : "test",
	"isBuiltin" : true,
	"roles" : [ ],
	"inheritedRoles" : [ ]
}
{
    
	"role" : "enableSharding",
	"db" : "test",
	"isBuiltin" : true,
	"roles" : [ ],
	"inheritedRoles" : [ ]
}
{
    
	"role" : "read",
	"db" : "test",
	"isBuiltin" : true,
	"roles" : [ ],
	"inheritedRoles" : [ ]
}
{
    
	"role" : "readWrite",
	"db" : "test",
	"isBuiltin" : true,
	"roles" : [ ],
	"inheritedRoles" : [ ]
}
{
    
	"role" : "userAdmin",
	"db" : "test",
	"isBuiltin" : true,
	"roles" : [ ],
	"inheritedRoles" : [ ]
}

db.createUser( User information ) Create user command

Concept

Create user

Command format

db.createUser({user:“ user name ”,pwd:“ name ”,roles:[“ role ”]})

Command application

establish test library , And designate test The administrator of the library

> use test
switched to db test
> db.createUser({
    user:"test",pwd:"test",roles:['dbOwner']})
uncaught exception: ReferenceError: dn is not defined :
@(shell):1:1
> use test
switched to db test
> db.createUser({
    user:"test",pwd:"test",roles:['dbOwner']})
Successfully added user: {
     "user" : "test", "roles" : [ "dbOwner" ] }
> show users
{
    
	"_id" : "test.test",
	"userId" : UUID("d9be5de9-8c28-4b2b-8d88-530be7846b14"),
	"user" : "test",
	"db" : "test",
	"roles" : [
		{
    
			"role" : "dbOwner",
			"db" : "test"
		}
	],
	"mechanisms" : [
		"SCRAM-SHA-1",
		"SCRAM-SHA-256"
	]
}
> 

db.dropUser( User name ) Delete user command

Concept

Create user

Command format

db.dropUser(“ user name ”)

Command application

db.dropUser(“test”)

> use test
switched to db test
> dn.createUser({
    user:"test",pwd:"test",roles:['dbOwner']})
uncaught exception: ReferenceError: dn is not defined :
@(shell):1:1
> use test
switched to db test
> db.createUser({
    user:"test",pwd:"test",roles:['dbOwner']})
Successfully added user: {
     "user" : "test", "roles" : [ "dbOwner" ] }
> show users
{
    
	"_id" : "test.test",
	"userId" : UUID("d9be5de9-8c28-4b2b-8d88-530be7846b14"),
	"user" : "test",
	"db" : "test",
	"roles" : [
		{
    
			"role" : "dbOwner",
			"db" : "test"
		}
	],
	"mechanisms" : [
		"SCRAM-SHA-1",
		"SCRAM-SHA-256"
	]
}
> 

db.grantRolesToUser( User name ,[]) Authorize user rights command

Concept

Authorize user rights

Command format

db.grantRolesToUser(“ user name ”, [{
role: “ role code”,
db: “ Database name ”
},

…

])

Command application

db.grantRolesToUser(“test”, [{
role: “dbAdmin”,
db: “test”
}
])

> use test
switched to db test
> db.createUser({
    user:"test",pwd:"test",roles:['dbOwner']})
Successfully added user: {
     "user" : "test", "roles" : [ "dbOwner" ] }
> db.grantRolesToUser("test", [{
    
... role: "dbAdmin",
... db: "test"
... }
... ])
> 

Authorized account login command

Concept

Authorized account login

Command format

mongo MONGO_HOST:PORT -u USER -p PWD --authenticationDatabase=DB

Command application

mongo 127.0.0.1:27017 -u test -p test --authenticationDatabase=test

[[email protected] mongodb]# mongo 127.0.0.1:27017 -u test -p test --authenticationDatabase=test
MongoDB shell version v4.4.14
connecting to: mongodb://127.0.0.1:27017/test?authSource=test&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session {
     "id" : UUID("bf4865d7-def1-4824-8240-d8687d820a2e") }
MongoDB server version: 4.4.14
---
The server generated these startup warnings when booting: 
        2022-06-29T02:07:49.470-07:00: Access control is not enabled for the database. Read and write access to data and configuration is unrestricted
        2022-06-29T02:07:49.471-07:00: You are running this process as the root user, which is not recommended
        2022-06-29T02:07:49.471-07:00: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. We suggest setting it to 'never'
        2022-06-29T02:07:49.471-07:00: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. We suggest setting it to 'never'
        2022-06-29T02:07:49.471-07:00: Soft rlimits too low
        2022-06-29T02:07:49.471-07:00:         currentValue: 1024
        2022-06-29T02:07:49.471-07:00:         recommendedMinimum: 64000
---
---
        Enable MongoDB's free cloud-based monitoring service, which will then receive and display
        metrics about your deployment (disk utilization, CPU, operation statistics, etc).

        The monitoring data will be available on a MongoDB website with a unique URL accessible to you
        and anyone you share the URL with. MongoDB may use this information to make product
        improvements and to suggest MongoDB products and deployment options to you.

        To enable free monitoring, run the following command: db.enableFreeMonitoring()
        To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---
> show dbs;
admin   0.000GB
config  0.000GB
local   0.000GB
> 

to see somebody for the first time , I don't know what to give you . Simply send hundreds of e-books and the latest interview materials , I wish you a better job , Scan the QR code below to get