MongoDB - 用户权限 [英] MongoDB - User privileges
问题描述
这可能是一个愚蠢的新手问题.我在 Google-scape 上搜索了答案,并在 stackoverflow 上找到了一些东西,但还没有真正起作用.
This is probably a stupid newbie question. I scoured the Google-scape for answers and found a few things on stackoverflow, but nothing really works yet.
我正在尝试创建一个数据库,以及一个可以向数据库插入条目的用户.
I am trying to create a database, and a user who can insert entries to the db.
到目前为止,我设法创建了以下用户 &相关权限:
So far I managed to create the following users & associated privileges:
$ ./mongo localhost:29525/admin -username admin -password "somesecret"
MongoDB shell version: 2.4.9
connecting to: localhost:29525/admin
> db.system.users.find()
{ "_id" : ObjectId("533dc34753178fa1d0707308"), "user" : "admin", "pwd" : "145efb041abb3f9dd2531b26c90f2a4c", "roles" : [ "userAdminAnyDatabase" ] }
{ "_id" : ObjectId("533dc9c03eb5b535e9691f21"), "user" : "node", "pwd" : "a2cbb645cec16dedd4a4f9ee53a332a7", "roles" : [ "readWrite", "dbAdmin" ] }
{ "_id" : ObjectId("533dd1c52d0f16b6fae61188"), "user" : "node2", "pwd" : "488fba587da677d48825b425ebf7031e", "roles" : [ "userAdminAnyDatabase", "userAdmin", "clusterAdmin", "dbAdminAnyDatabase" ] }
理想情况下,我想授予admin"用户完全权限,但不幸的是,admin 的userAdminAnyDatabase"权限不足以启用此功能:
I ideally wanted to give the "admin" user full privileges, but unfortunately admin's 'userAdminAnyDatabase' privilege is not enough to enable this:
> db.users.update({"admin" : "somesecret"}, {$addToSet: {'roles': [ 'dbAdminAnyDatabase', 'clusterAdmin']}}, false, false)
not authorized for update on admin.users
我想知道是否我实际上并没有以admin"身份执行命令,所以我重新以用户 admin 身份进行了身份验证.仍然没有快乐:
I wondered if maybe I just wasn't actually executing the command as "admin", so I re-authenticated as user admin. Still no joy:
> db.auth("admin", "somesecret")
1
> db.users.update({"admin" : "somesecret"}, {$addToSet: {'roles': [ 'dbAdminAnyDatabase', 'clusterAdmin']}}, false, false)
not authorized for update on admin.users
所以我尝试了node2"用户 - 我创建了具有更多权限(dbAdminAnyDatabase、clusterAdmin、..)的用户,所以这可能有用吗?但可惜它也失败了:
So I tried the "node2" user - I had created that with more privileges (dbAdminAnyDatabase, clusterAdmin, ..), so maybe that would work? But alas it also fails:
> db.auth("node2", "anothersecret")
1
> db.users.update({"admin" : "somesecret"}, {$addToSet: {'roles': [ 'dbAdminAnyDatabase', 'clusterAdmin']}}, false, false)
not authorized for update on admin.users
除此之外,我尝试创建一个数据库mynewdb",并添加一个集合users".由于拥有最多权限的用户是node2",我首先切换到该用户.但是该用户无法将记录插入到新数据库的新集合中:
That aside, I tried to create a database 'mynewdb', and add a collection 'users'. As the user with most privileges is "node2", I switched to that user first. But that user cannot insert records into the new database's new collection:
> db.auth("node2", "anothersecret")
1
> use mynewdb
switched to db mynewdb
> db.users.save( {username: "philipp"})
not authorized for insert on testapp.users
就此而言,管理员"也不能.
Nor for that matter can "admin".
抱歉我的无知,我在这里花了几个小时谷歌搜索,但仍在努力拼凑由 MongoDB 文档上的许多不同的信息所呈现的拼图.
Sorry for my ignorance, I have spent some hours Googling here and am still struggling to piece together jigsaw pieces presented by the many disparit bits of info on the MongoDB docs.
感谢您的帮助!
推荐答案
此答案仅适用于 MongoDB 2.4.X 及更低版本.在MongoDB 2.6下,这样做的方法有很大的不同
This answer ONLY pertains to MongoDB 2.4.X and lower. The methods for doing this are significantly different under MongoDB 2.6
您在示例中正确查询了system.users"集合:
You are correctly querying the "system.users" collection in your examples:
db.system.users.find()
但是您的更新是针对users"集合的,管理员用户无法访问该集合,因为它只有userAdminAnyDatabase".您可以尝试针对system.users"运行更新吗?即
But your updates are to the "users" collection, which the admin user cannot access as it only has "userAdminAnyDatabase". Can you try running your update against "system.users" instead? ie
db.system.users.update({"admin" : "somesecret"}, {$addToSet: {'roles': [ 'dbAdminAnyDatabase', 'clusterAdmin']}})
这篇关于MongoDB - 用户权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
