我想使用 Mongo init 腳本啟動具有身份驗證支援的 MongoDB 守護程式:
sudo /etc/init.d/mongod start
我還將 db 用戶添加到資料庫中進行身份驗證。我正在使用兩個檔案:(/etc/init.d/mongod用於 init)和/etc/mongod.conf(用於配置)。
#mongod.conf:
dbpath=/var/lib/mongodb
logappend=true
port = 27017
auth = true
非守護程序方法使用以下--auth標誌正確啟動程序:
mongod --auth
fork 可以工作,但不使用 init 腳本:
mongod --fork --auth --logpath /var/log/mongod.log
閱讀所有文件和相關帖子,似乎沒有人有一個可行的解決方案來獲得身份驗證支持
service mongod start
連結:
- 使用 init 腳本啟動進程的奇怪行為
- http://docs.mongodb.org/manual/administration/configuration/
- 透過 upstart 設定 mongodb - 如何傳遞選項?
更新:我重新安裝了 Debian/Mongo 並且能夠service mongod start在auth = trueconf 檔案中使用。我可能在初始安裝/配置期間破壞了某些東西。
答案1
我剛剛使用全新安裝的 Debian 7 和全新安裝的 MongoDB 對此進行了測試。我首先添加了一個用戶(adam),然後編輯/etc/mongod.conf文件以取消註釋該auth = true行。然後,我發出service mongod restart命令並嘗試以用戶身份登錄,並成功 - 我還嘗試了錯誤的憑證並失敗。因此,身份驗證似乎運作得很好,使用設定檔指定啟用身份驗證沒有明顯的問題。
所以,有幾個問題:
- 您如何測試身份驗證已啟用?
- 您的設定檔中是否可能有不只一行包含 auth/noauth 語句?
作為參考,這裡是我的大部分測試以及來自 shell 等的回饋。
首先,安裝並設定初始用戶:
root@deb7:~# apt-get install mongodb-org
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
mongodb-org-mongos mongodb-org-server mongodb-org-shell mongodb-org-tools
The following NEW packages will be installed:
mongodb-org mongodb-org-mongos mongodb-org-server mongodb-org-shell
mongodb-org-tools
0 upgraded, 5 newly installed, 0 to remove and 20 not upgraded.
Need to get 114 MB of archives.
After this operation, 287 MB of additional disk space will be used.
Do you want to continue [Y/n]?
** SNIP for brevity**
Setting up mongodb-org-shell (2.6.1) ...
Setting up mongodb-org-server (2.6.1) ...
Adding system user `mongodb' (UID 104) ...
Adding new user `mongodb' (UID 104) with group `nogroup' ...
Not creating home directory `/home/mongodb'.
Adding group `mongodb' (GID 107) ...
Done.
Adding user `mongodb' to group `mongodb' ...
Adding user mongodb to group mongodb
Done.
[ ok ] Starting database: mongod.
Setting up mongodb-org-mongos (2.6.1) ...
Setting up mongodb-org-tools (2.6.1) ...
Setting up mongodb-org (2.6.1) ...
root@deb7:~# mongo
MongoDB shell version: 2.6.1
connecting to: test
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
> use admin
switched to db admin
> db.createUser(
... {
... user: "adam",
... pwd: "password123",
... roles:
... [
... {
... role: "userAdminAnyDatabase",
... db: "admin"
... }
... ]
... }
... )
Successfully added user: {
"user" : "adam",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
接下來,我編輯了該/etc/mongod.conf文件並刪除了#註釋掉的內容auth = true(我沒有進行其他更改)。我保存了該文件,然後重新啟動了服務。接下來,我與我添加的用戶連接並驗證我是否擁有正確的權限:
root@deb7:~# vim /etc/mongod.conf
root@deb7:~# service mongod restart
[ ok ] Restarting database: mongod.
root@deb7:~# mongo -u adam -p password123 --authenticationDatabase admin
MongoDB shell version: 2.6.1
connecting to: test
Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }
正如您所看到的,我新增的使用者沒有查看啟動警告的權限,但為了確定,我檢查了權限:
> use admin
switched to db admin
> db.runCommand( { usersInfo:"adam", showPrivileges:true } )
{
"users" : [
{
"_id" : "admin.adam",
"user" : "adam",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
],
"inheritedRoles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
],
"inheritedPrivileges" : [
{
"resource" : {
"db" : "",
"collection" : ""
},
"actions" : [
"changeCustomData",
"changePassword",
"createRole",
"createUser",
"dropRole",
"dropUser",
"grantRole",
"revokeRole",
"viewRole",
"viewUser"
]
},
{
"resource" : {
"cluster" : true
},
"actions" : [
"authSchemaUpgrade",
"invalidateUserCache",
"listDatabases"
]
},
{
"resource" : {
"db" : "",
"collection" : "system.users"
},
"actions" : [
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"planCacheRead"
]
},
{
"resource" : {
"db" : "admin",
"collection" : "system.users"
},
"actions" : [
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"planCacheRead"
]
},
{
"resource" : {
"db" : "admin",
"collection" : "system.roles"
},
"actions" : [
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"planCacheRead"
]
},
{
"resource" : {
"db" : "admin",
"collection" : "system.version"
},
"actions" : [
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"planCacheRead"
]
},
{
"resource" : {
"db" : "admin",
"collection" : "system.new_users"
},
"actions" : [
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"planCacheRead"
]
},
{
"resource" : {
"db" : "admin",
"collection" : "system.backup_users"
},
"actions" : [
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"planCacheRead"
]
}
]
}
],
"ok" : 1
}
為了完整起見,這是一個身份驗證失敗的情況:
root@deb7:~# mongo -u root -p 12345678 --authenticationDatabase admin
MongoDB shell version: 2.6.1
connecting to: test
2014-05-11T18:04:39.793+0100 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1210
exception: login failed
答案2
編輯 /etc/mongod.conf 並新增如下行:
對於蒙戈<3.0
auth=true
然後:
service mongod restart
對於 mongo 3.x,將其新增至配置中
security:
authorization: "enabled"
答案3
這對我有用(使用 mongo 3.2):編輯 /etc/mongod.conf 並添加:
安全性:授權:已啟用
與其他答案類似,但沒有“啟用”周圍的引號