【MongoDB】开启认证权限

1.

mongodb.conf ：

添加

auth=true

2.

 use admin （3.0+ 使用 createUser ;<3.0版本  http://www.cnblogs.com/guizi/archive/2012/11/20/2779500.html）

db.createUser({  user: "root",  pwd: "123456",  roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]  }  )  

> db.createUser({  user: "root",  pwd: "123456",  roles: [ { role: "userAdminAny
Database", db: "admin" } ]  }  )
Successfully added user: {
        "user" : "root",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                }
        ]
}

not authorized on test to execute command-MongoDB的权限配置

直接报Command '$eval' failed: not authorized on这个错误，可以确认是权限的问题

解决方案：
在官网  http://docs.mongodb.org/manual/reference/command/eval/#dbcmd.eval 有一段描述：

If authorization is enabled, you must have access to all actions on all resources in order to run eval. Providing such access is not recommended, but if your organization requires a user to run eval, create a role that grants anyAction on anyResource. Do not assign this role to any other user.

解决步骤：

1）不带--auth参数启动数据库，所以不需要帐号即可连上MongoDB。

2）新建一个角色，比如叫 sysadmin，需要先切换到admin库进行如下操作：

[C#] 纯文本查看 复制代码
 
> use admin
switched to db admin
> db.createRole({role:'sysadmin',roles:[],
privileges:[
{resource:{anyResource:true},actions:['anyAction']}
]})


3）然后，新建一个用户，使用这个角色，注意，这个角色的db是admin，操作如下：
[C#] 纯文本查看 复制代码
 
> use woplus
switched to db woplus
> db.createUser({
user:'sa',
pwd:'sufeinet.com',
roles:[
{role:'sysadmin',db:'admin'}
]})


好了现在重启启动数据库带上
--auth
就可以正常执行了

3.登陆

>  db.auth("admin","admin")
Error: 18 Authentication failed.
0
> user admin
2015-07-28T16:44:43.034+0800 E QUERY    SyntaxError: Unexpected identifier


--这样操作成功了
> use admin
switched to db admin
> db.auth("root","123456")
1
--登陆失败

> db.auth("root","111")
2015-07-28T16:52:51.352+0800 I NETWORK Socket recv() errno:10053 An established
connection was aborted by the software in your host machine. 127.0.0.1:27017
2015-07-28T16:52:51.367+0800 I NETWORK SocketException: remote: 127.0.0.1:27017
error: 9001 socket exception [RECV_ERROR] server [127.0.0.1:27017]
2015-07-28T16:52:51.367+0800 I NETWORK DBClientCursor::init call() failed
Error: error doing query: failed
0
2015-07-28T16:52:51.371+0800 I NETWORK trying reconnect to 127.0.0.1:27017 (127
.0.0.1) failed
2015-07-28T16:52:51.373+0800 I NETWORK reconnect 127.0.0.1:27017 (127.0.0.1) ok

不知道是不是这个原因，开启 auth后 MongoVUE不能连接。

MongoVUE 是个比较好用的MongoDB客户端，不过免费版在15天过后，不能使用gridfs，Server Monitoring等功能。

关于安全性操作还需要继续研究