以下無權(quán)限的命令請使用sudo,或在root下操作
一、安裝mongodb
1. 創(chuàng)建yum源文件:
vim /etc/yum.repos.d/mongodb-org-3.2.repo
2. 寫入源地址:
[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
3. 執(zhí)行安裝命令:
sudo yum install -y mongodb-org
二、配置并啟動mongod ( 本配置開啟用戶權(quán)限認證,拒絕裸奔)
1. 創(chuàng)建配置文件:/etc/mongodb/mongod.conf xxxx為端口號
# log save file
systemLog:
destination: file
logAppend: true #allow append log
path: /var/mongodb/log/mongo_xxxx.log
# db save path
storage:
dbPath: /var/mongodb/data/
journal:
enabled: true
# how the process runs
processManagement:
fork: true # fork and run in background
pidFilePath: /var/mongodb/run/mongo_xxxx.pid # location of pidfile
# network interfaces
net:
port: xxxx
bindIp: 0.0.0.0 # Listen to local interface only, comment to listen on all interfaces.
#open auth very important, if you don't need auth,comment out below
security:
authorization: enabled
2. 啟動mongod服務(wù)
建倉service
- 創(chuàng)建 /etc/init.d/mymongod
- 添加可執(zhí)行權(quán)限 chmod +x /etc/init.d/mymongod
- 寫入bash:
#!/bin/bash
# source function library
. /etc/rc.d/init.d/functions
#define commond
CMD=/usr/bin/mongod
#define my mongo.conf
CONF_FILE=/etc/mongodb/mongod.conf
start()
{
#&:run backgroud, also can use --fock 某些版本fock不可用,使用&
$CMD -f $CONF_FILE --rest &
echo "MongoDB is running background..."
}
stop()
{
pkill mongod
echo "MongoDB is stopped."
}
case "$1" in
start)
start
;;
stop)
stop
;;
*)
echo $"Usage: $0 {start|stop}"
esac
- 啟動服務(wù):
service mymongod start
若要停止服務(wù)可用:
service mymongod stop
三、連接mongodb,并創(chuàng)建用戶
1.連接mongodb
mongo --host 127.0.0.1 --port 123123
2. 創(chuàng)建超級管理員 (創(chuàng)建超級管理員前 停止mongod.conf中的鑒權(quán) security: authorization: disabled)
use admin;
db.createUser({"user":"root","pwd":"passwd","roles":[{role:"root",db:"admin"},{role:"__system",db:"admin"},{role:"dbAdminAnyDatabase",db:"admin"}]});
3. 打開mongod.conf鑒權(quán),重新啟動mongod服務(wù)
4. 使用超級用戶連接db
- ctrl+c 斷開當前連接
- 連接db admin
mongo -u root -p root --host 127.0.0.1 --port xxxx admin
4.創(chuàng)建普通用戶,此處給于較大權(quán)限,創(chuàng)建普通用戶要use到普通用戶所在的數(shù)據(jù)庫
use userdb1
db.createUser({"user":"user1","pwd":"passwd","roles":[{role:"dbAdmin",db:"userdb1"},{role:"userAdmin",db:"userdb1"},{role:"readWrite",db:"userdb1"}]})
Built-In Roles(內(nèi)置角色)說明:
Read:允許用戶讀取指定數(shù)據(jù)庫
readWrite:允許用戶讀寫指定數(shù)據(jù)庫
dbAdmin:允許用戶在指定數(shù)據(jù)庫中執(zhí)行管理函數(shù),如索引創(chuàng)建、刪除,查看統(tǒng)計或訪問system.profile
userAdmin:允許用戶向system.users集合寫入,可以找指定數(shù)據(jù)庫里創(chuàng)建、刪除和管理用戶
clusterAdmin:只在admin數(shù)據(jù)庫中可用,賦予用戶所有分片和復(fù)制集相關(guān)函數(shù)的管理權(quán)限。
readAnyDatabase:只在admin數(shù)據(jù)庫中可用,賦予用戶所有數(shù)據(jù)庫的讀權(quán)限
readWriteAnyDatabase:只在admin數(shù)據(jù)庫中可用,賦予用戶所有數(shù)據(jù)庫的讀寫權(quán)限
userAdminAnyDatabase:只在admin數(shù)據(jù)庫中可用,賦予用戶所有數(shù)據(jù)庫的userAdmin權(quán)限
dbAdminAnyDatabase:只在admin數(shù)據(jù)庫中可用,賦予用戶所有數(shù)據(jù)庫的dbAdmin權(quán)限。
root:只在admin數(shù)據(jù)庫中可用。超級賬號,超級權(quán)限
PS:關(guān)于每個角色所擁有的操作權(quán)限可以點擊上面的內(nèi)置角色鏈接查看詳情
參考官方文檔說明
4.使用普通用戶連接db
mongo -u user1 -p passwd --host 127.0.0.1 --port xxxx userdb1
