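This article describes how to configure authentication for MongoDB 3.x/4.x.
Many people are used to running MongoDB without authentication. If you run a Lynis or Nessus security audit against such a server, you may get a "No MongoDB authorization" warning. This article shows how to set up authentication for users/databases in MongoDB.
You need a running MongoDB instance; see: How to install MongoDB on Ubuntu 18.04/16.04, or How to install and configure MongoDB 4 on RHEL 8/CentOS 8.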
While the mongod service is running, connect to it with the mongo command-line tool:

    # mongo --port 27017
Then create a user account with the root role to serve as the database admin:

    > use testdb;
    switched to db testdb
    > db.createUser(
        {
          user: "dbadmin",
          pwd: "StrongPassword",
          roles: [ { role: "root", db: "admin" } ]
        }
      )
    > exit
    bye
Open the file /etc/mongod.conf and enable authentication:

    security:
      authorization: enabled
Restart MongoDB:

    sudo systemctl restart mongod
Test by connecting as the dbadmin user, authenticating against testdb (the database in which the user was created):

    mongo --port 27017 -u "dbadmin" -p --authenticationDatabase "testdb"
When prompted for the password, enter the one you set:

    MongoDB shell version v4.0.2
    Enter password:
    connecting to: mongodb://127.0.0.1:27017/
    MongoDB server version: 4.0.2
    Server has startup warnings:
    2019-02-08T10:02:40.821+0000 I CONTROL [initandlisten]
    2019-02-08T10:02:40.821+0000 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
    2019-02-08T10:02:40.821+0000 I CONTROL [initandlisten] ** We suggest setting it to 'never'
    2019-02-08T10:02:40.821+0000 I CONTROL [initandlisten]
    2019-02-08T10:02:40.821+0000 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
    2019-02-08T10:02:40.821+0000 I CONTROL [initandlisten] ** We suggest setting it to 'never'
    2019-02-08T10:02:40.821+0000 I CONTROL [initandlisten]
    ---
    Enable MongoDB's free cloud-based monitoring service, which will then receive and display
    metrics about your deployment (disk utilization, CPU, operation statistics, etc).

    The monitoring data will be available on a MongoDB website with a unique URL accessible to you
    and anyone you share the URL with. MongoDB may use this information to make product
    improvements and to suggest MongoDB products and deployment options to you.

    To enable free monitoring, run the following command: db.enableFreeMonitoring()
    To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
    ---
    >
At this point, MongoDB authentication can be used to access a specific database.
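
As an added example (not part of the original article), the shell function below checks a mongod.conf for the setting enabled in /etc/mongod.conf above, so the check can be repeated across hosts. The function name mongod_auth_enabled and the sample configs are constructed for illustration; it handles only the block-style YAML shown on this page.

```shell
#!/bin/sh
# Added example: audit check for the config edit made in this article.
# mongod_auth_enabled FILE -> exit 0 if "authorization: enabled" is set under
# an uncommented top-level "security:" key, non-zero otherwise.
# Assumption: block-style YAML only (no "security: {authorization: enabled}").
mongod_auth_enabled() {
    awk '
        { sub(/\r$/, "") }                  # tolerate CRLF line endings
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        /^[^ \t]/ {                         # any top-level key opens a new section
            in_sec = ($0 ~ /^security:[ \t]*(#.*)?$/)
            next
        }
        in_sec && /^[ \t]+authorization:/ {
            line = $0
            sub(/#.*/, "", line)            # drop a trailing comment
            sub(/^[ \t]+authorization:[ \t]*/, "", line)
            gsub(/[" \t]/, "", line)        # strip double quotes and spaces
            found = (line == "enabled")     # last occurrence in the section wins
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample configs (not from the article): one with the security
# section commented out, one with the edit from this article applied.
demo_dir=$(mktemp -d)
printf 'net:\n  port: 27017\n#security:\n' > "$demo_dir/unauthenticated.conf"
printf 'net:\n  port: 27017\nsecurity:\n  authorization: enabled\n' > "$demo_dir/hardened.conf"

for f in "$demo_dir"/*.conf; do
    if mongod_auth_enabled "$f"; then
        echo "OK   $f"
    else
        echo "WARN $f: authorization not enabled"
    fi
done
rm -rf "$demo_dir"
```

On a real host, call it as `mongod_auth_enabled /etc/mongod.conf`; a non-zero exit means mongod would start without access control from that file.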