MongoDB tool commands and user authentication

1.MongoDB tool command

1.1.Mongod command

MongoDB is the main daemon of the MongoDB system. It handles data requests, manages data access, and performs background management operations. The startup process specifies a configuration file that controls database behavior.

1.2.Mongos command

For "MongoDB Shard", Mongos is a routing service used to process the MongoDB shard configuration of the shard application layer, and determine the location of the shard cluster to complete these operations. From an application perspective, a Mongos instance behaves the same as any other MongoDB instance.

1.3.Mongostat command

The Mongostat implementer provides a quick overview of the status of the currently running MOngoD or Mongos instance. Mongostat is functionally similar to the UNIX/linux filesystem utility vmstat, but provides data about Mongod and Mongos instances.

1.4.Mongotop command

Mongotop provides a way to track the amount of time MongoDB implements reading and writing data. MOngotop provides statistics for each collection level. By default, Mongotop puts values ​​back every second.

1.5.Mongooplog command

Mongooplog is a simple tool that replicates oplog polling operations of a remote server and applies them to a local server. This feature supports certain types of inter-real migrations that require the source server to remain online and running throughout the migration process. Typically, this command will take the form

Mongooplog  -from Mongodb().example.net --host mongodb1.example.net

1.6.Mongoperf command

Mongoperf is a utility that checks disk I/O performance independently of MongoDB. It is a test of random disk I/O and presents the results.

E.g:
echo"(nTherads:16,fileSizeMB:10000,r:true,w:true)"|mongoperf
 In this operation:
mongoperf Test Direct Physical Random Read and Write IO Yes, using 16 concurrent reader threads.
mongoperf use 10 G test file.
Or write parameters to a file mongoperf<config

2.MongoDB user authentication

User related commands

db.auth() Authenticate the user to the database.
db.changeUserPassword() Change the password of an existing user.
db.createUser() Create a new user.
db.dropUser() Delete a single user.
db.dropAllUsers() Delete all users associated with the database.
db.getUser() Returns information about the specified user.
db.getUsers() Returns information about all users associated with the database.
db.grantRolesToUser() Grant user roles and their privileges.
db.removeUser() Obsolete. Delete the user from the database.
db.revokeRolesFromUser() Remove the role from the user.
db.updateUser() Update user data.

2.1. Create a user

> use admin
> db.createUser(
{
   user: "admin",
   pwd: "123456", 
   roles: [ { role: "root", db: "admin" } ]			//The specified role is root, which means administrator
}
)


2.2. Modify the configuration file to enable user authentication

 [mongo_clusetr]# vim /opt/mongo_clusetr/mongodb_27017/conf/mongodb.yml
 Modify the configuration file:
security:
 authorization:enabled

2.3. Restart MongoDB

[root@localhost mongo_clusetr]# mongodb/bin/mongod -f mongodb_27017/conf/mongodb.yml --shutdown
killing process with pid: 5358

start up MongoDB
[root@localhost mongo_clusetr]# mongodb/bin/mongod -f mongodb_27017/conf/mongodb.yml
about to fork child process, waiting until server is ready for connections.
forked process: 8365
child process started successfully, parent exiting

2.4. Log in to MongoDB with the user password

[root@localhost mongo_clusetr]# mongodb/bin/mongo -uadmin -p123456

3. Authorize users and grant multiple permissions

mongodb can create multiple users and perform different operations for different libraries

3.1. Create users and make data

1.Create User" qing"
> db.createUser(
... {
...  user: "qing",
... pwd: "123456",
... roles: [ { role: "readWrite", db: "test" },  //read and write
... { role: "read", db: "test2" }   ]  	//readable
... }
... )
2.insert data
test library
#I have already inserted it here in advance.
> db.test.find()
{ "_id" : ObjectId("636918296db9dbd5d46e98af"), "name" : "zhang", "age" : "10" }
{ "_id" : ObjectId("6369183d6db9dbd5d46e98b0"), "name" : "li", "age" : "20" }

test2
> db.test2.insert({"name":"gao","age":20})
> db.test2.insert({"name":"liu","age":20})

3.2. Use the "qing" user to log in to the test library for permission verification

1.logged in user qing and connect test library
[root@localhost mongo_clusetr]# mongodb/bin/mongo -uqing -p123456 192.168.40.4:27017/test

2.view all tables
> show tables
test
test1

3.Check if you have read permission
> db.test.find()
{ "_id" : ObjectId("636918296db9dbd5d46e98af"), "name" : "zhang", "age" : "10" }
{ "_id" : ObjectId("6369183d6db9dbd5d46e98b0"), "name" : "li", "age" : "20" }

4.Check if you have write permission
 db.test.insert({"name":"wangwu","age":22})
WriteResult({ "nInserted" : 1 })

5.Check whether the write is successful
> db.test.find({"name":"wangwu"})
{ "_id" : ObjectId("63691c0764606b8480ada848"), "name" : "wangwu", "age" : 22 }
has read and write permissions

3.3. View the permissions of the test2 library

Since ordinary users can only log in to the test library, if they want to switch other libraries, they can only use use to switch after logging in to the test library.

1.toggle test2 library
> use test2
switched to db test2

2.View the library
> db
test2

3.View the data in the table
> db.test2.find()
{ "_id" : ObjectId("63691a6560b0576a88593727"), "name" : "gao", "age" : 20 }
{ "_id" : ObjectId("63691a6c60b0576a88593728"), "name" : "liu", "age" : 20 }

4.try inserting permissions
>db.test2.insert({"name":"qiang","age":50})
WriteResult({
	"writeError" : {
		"code" : 13,
		"errmsg" : "not authorized on test2 to execute command { insert: \"test2\", ordered: true, lsid: { id: UUID(\"ee4fcdd6-7b71-4a04-af50-17e134a7addf\") }, $db: \"test2\" }"
	}
})
> db.test2.find()
{ "_id" : ObjectId("63691a6560b0576a88593727"), "name" : "gao", "age" : 20 }
{ "_id" : ObjectId("63691a6c60b0576a88593728"), "name" : "liu", "age" : 20 }
Found that the insert failed, only read permission

Tags: Database MongoDB nosql

Posted by logging on Thu, 10 Nov 2022 21:51:01 +0300