Changing the authentication mechanism from SCRAM-SHA-1 to MONGODB-CR

1. Shut down the servers, disable authentication, and restart MongoDB (on all servers)

# su mongo
# pkill -15 mongos && pkill -15 mongod
# ps aux | grep mongo
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf_init/config.conf
# /usr/local/webserver/mongodb/bin/mongos -f /data/mongodb/conf_init/mongos.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf_init/shard1.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf_init/shard2.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf_init/shard3.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf_init/shard4.conf
# ps aux | grep mongo

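2. Connect to one of the mongos instances and change the authSchema version in the system.version document to 3 (on a fresh installation it should be 5). The commands are as follows: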

# /usr/local/webserver/mongodb/bin/mongo 192.168.1.101:20000/admin
mongos> use admin;
switched to db admin 
mongos> var schema = db.system.version.findOne({"_id" : "authSchema"});
mongos> schema.currentVersion = 3;
3 
mongos> db.system.version.save(schema);
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 }) 

3. Drop the users and recreate them

mongos> use admin;
mongos> db.system.users.find();
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "oz2XLTiQUp6CCRBBuYsKaA==", "storedKey" : "6YziqMkcQUMxjNA2QqB6TAQoHDQ=", "serverKey" : "5USz2KGPYsVxegVikgZd9XW7g9E=" } }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
mongos> db.dropUser("admin");
true
mongos> db.createUser({user:"admin",pwd:"123456",roles:["root"]});
Successfully added user: { "user" : "admin", "roles" : [ "root" ] }
mongos> db.system.users.find();
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : "95ec4261124ba5951720b199908d892b" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }

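MongoDB's built-in roles that apply to all databases:
readAnyDatabase: created in the admin database; can read the information of all databases
readWriteAnyDatabase: created in the admin database; can read and write the information of all databases
userAdminAnyDatabase: created in the admin database; can manage the users of all databases
dbAdminAnyDatabase: created in the admin database; can administer all databases (similar to a dbAdmin account on every database)
To let the admin user read and write all databases, grant the role as follows: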

mongos> use admin;
mongos> db.grantRolesToUser("admin", [{ role: "readWriteAnyDatabase", db: "admin" }]);

The command to revoke a role is as follows:

mongos> db.revokeRolesFromUser("<username>", [{ role: "<role-name>", db: "<db-name>"}]);

The fix is to drop the user that was just created and recreate it:

mongos> use testdb;
switched to db testdb 
mongos> db.dropUser("testdb");
true 
mongos> db.createUser({user:"testdb",pwd:"123456",roles:[{role:"dbOwner",db:"testdb"}]});
mongos> exit;

4. Shut down the servers, enable authentication, restart the servers, and connect with MongoVUE

# pkill -15 mongos && pkill -15 mongod
# ps aux | grep mongo
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf/config.conf
# /usr/local/webserver/mongodb/bin/mongos -f /data/mongodb/conf/mongos.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf/shard1.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf/shard2.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf/shard3.conf
# /usr/local/webserver/mongodb/bin/mongod -f /data/mongodb/conf/shard4.conf
# ps aux | grep mongo
# /usr/local/webserver/mongodb/bin/mongo 192.168.1.101:20000/admin -uadmin -p123456
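
A check that can be run over the user documents once the steps above are done, as an added example that is not part of the original post: it reports the authSchema version and every account whose only stored credential is MONGODB-CR, so the set of downgraded accounts is known. It runs under Node.js on documents exported from admin.system.users and admin.system.version; the function auditUsers, its result fields and the authSchema sample documents are assumptions made for this example.

```javascript
// Added example, not from the original post. The user documents below are the
// two db.system.users.find() outputs shown in step 3; the authSchema documents
// passed in at the bottom are constructed. auditUsers is a hypothetical helper.
const RANK = new Map([["MONGODB-CR", 0], ["SCRAM-SHA-1", 1], ["SCRAM-SHA-256", 2]]);
// Roles named on this page that carry wide privileges.
const PRIVILEGED = new Set(["root", "readWriteAnyDatabase",
  "userAdminAnyDatabase", "dbAdminAnyDatabase", "dbOwner"]);

function auditUsers(users, authSchema) {
  const findings = [];
  if (authSchema && authSchema.currentVersion < 5) {
    findings.push({ id: "authSchema", severity: "warn",
      issue: "currentVersion=" + authSchema.currentVersion +
             ", createUser will store MONGODB-CR credentials" });
  }
  for (const u of users) {
    const mechs = Object.keys(u.credentials || {}).filter((m) => RANK.has(m));
    if (mechs.length === 0) continue; // externally authenticated or unknown
    const best = mechs.reduce((a, b) => (RANK.get(a) >= RANK.get(b) ? a : b));
    if (best !== "MONGODB-CR") continue; // a SCRAM credential is available
    const roles = (u.roles || []).map((r) => r.role)
      .filter((r) => PRIVILEGED.has(r));
    findings.push({ id: u._id, severity: roles.length ? "high" : "warn",
      issue: "only MONGODB-CR credential stored" +
             (roles.length ? "; roles: " + roles.join(",") : "") });
  }
  return findings;
}

// Document as shown before db.dropUser("admin") in step 3.
const before = [{ _id: "admin.admin", user: "admin", db: "admin",
  credentials: { "SCRAM-SHA-1": { iterationCount: 10000,
    salt: "oz2XLTiQUp6CCRBBuYsKaA==",
    storedKey: "6YziqMkcQUMxjNA2QqB6TAQoHDQ=",
    serverKey: "5USz2KGPYsVxegVikgZd9XW7g9E=" } },
  roles: [{ role: "root", db: "admin" }] }];
// Document as shown after db.createUser(...) in step 3.
const after = [{ _id: "admin.admin", user: "admin", db: "admin",
  credentials: { "MONGODB-CR": "95ec4261124ba5951720b199908d892b" },
  roles: [{ role: "root", db: "admin" }] }];

console.log(auditUsers(before, { _id: "authSchema", currentVersion: 5 }));
console.log(auditUsers(after, { _id: "authSchema", currentVersion: 3 }));
```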