1. 登录MongoDB,在admin库下创建管理员账号
use admin
db.createUser(
{
user: "xxxadmin",
pwd: "xxx",
roles: [ { role: "root", db: "admin" } ]
}
)
2. 修改MongoDB配置文件,开启用户认证(添加最后两行),重启MongoDB
# cat /opt/xxix/conf/mongo/mongo_standalone.conf
systemLog:
destination: file
path: "/opt/xeixx/logs/mongo/mongo_standalone.log"
logAppend: true
storage:
dbPath: "/opt/xxix/db/mongo/mongo_standalone"
journal:
enabled: true
processManagement:
fork: true
pidFilePath: "/opt/xix/run/mongo/mongo_standalone.pid"
net:
bindIp: 0.0.0.0
port: 27017
security:
authorization: enabled
3. 登录管理员账号,创建业务用户
两种登录方式,登录时验证或者无认证登录后再验证:
mongo --port 27017 -u "xxx_admin" -p "xxx" --authenticationDatabase "admin"
或
use admin
db.auth("xxx_admin", "xxx" )
创建业务库账号,当前情况是3个库的用户名密码一致,实际是3个用户(MongoDB的权限设置是以库为单位的,必选要先选择库):
use bpdb-srv
db.createUser(
{
user: "xxx",
pwd: "xxx",
roles: [ { role: "readWrite", db: "bpdb-srv" },
{ role: "dbAdmin", db: "bpdb-srv" } ]
}
)use logdb
db.createUser(
{
user: "xxxn",
pwd: "xxxLlnxxf",
roles: [ { role: "readWrite", db: "logdb" },
{ role: "dbAdmin", db: "logdb" } ]
}
)use orgcontact
db.createUser(
{
user: "xxxxn",
pwd: "xxxxnfxx",
roles: [ { role: "readWrite", db: "orgcontact" },
{ role: "dbAdmin", db: "orgcontact" } ]