Mongo用户权限，可读写任何数据库 [英] Mongo user privilege to read and write to any database

问题描述

Mongo newb在这里.我有一个包含四个数据库的mongo安装，并且想创建一个可以读取和写入所有数据库的用户.我试过了:

Mongo newb here. I have a mongo installation with four databases and would like to create a user that can read and write to all the databases. I tried:

use admin;
db.addUser({user: "foo" , pwd: "bar", roles: [  "readWriteAnyDatabase" ]})

但是当我尝试做

mongo someotherdb -u foo -p

并使用正确的密码进行身份验证，这会给我带来身份验证错误.

and authenticate with the correct password it gives me an authentication error.

我还尝试通过此操作将用户手动添加到其他数据库

I also tried manually adding the users to the other databases by doing this

use someotherdb
db.addUser({user: "foo", roles: ['readWrite'], userSource: "admin"});

仍然没有骰子尝试通过mongo shell或在目标数据库中使用auth命令登录.

and still no dice trying to log in via the mongo shell or using the auth command in the target db.

我做错什么了吗?如何使用户可以全局读写任何数据库?您是否必须将所述用户添加到每个数据库的system.users集合中，或者如果他们具有"readWriteAnyDatabase"角色，则不必这样做吗?

Am I doing something wrong? How do you go about making a user who can globally read and write to any db? Do you have to add said user to each db's system.users collection or is that not necessary if they have the "readWriteAnyDatabase" role?

我正在Ubuntu上使用mongo 2.4.

I'm using mongo 2.4 on ubuntu.

推荐答案

所以，我终于弄清楚了.请注意，此修复程序仅适用于Mongo 2.4.

So, I've finally figured this out. Note, this fix only works for Mongo 2.4.

在2.4中，您可以在连接字符串中或在命令行中指定一个数据库进行身份验证

In 2.4 you can specify a database to authenticate yourself with in the connection string or on the command line

因此要创建初始用户

use admin
db.createUser({user: "foo" , pwd: "bar", roles: [  "userAdminAnyDatabase","readWriteAnyDatabase" ]})

并进行身份验证

mongo -u foo --authenticationDatabase admin -p

现在您应该可以对任何数据库执行任何操作

Now you should be able to do whatever you want to any DB

这篇关于Mongo用户权限，可读写任何数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！