内建角色
https://docs.mongodb.com/v2.6/reference/built-in-roles/
命令参考
https://docs.mongodb.com/v2.6/reference/method/
MongoDB 2.6.11 CentOS7.2.1511 EPEL
安全设置
以安全认证模式启动
启动时使用参数–auth或修改配置文件启用认证后重启服务
[root@localhost ~]# vi /etc/mongod.conf
# Run with/without security (without by default)
#auth = true
#noauth = true
auth = true
创建用户帐户及角色
> use admin
> db.createUser({"user":"admin","pwd":"adminpwd","roles":["root"]})
>
重新启动Mongodb服务
创建一个新数据库并设置用户帐户及角色
> use admin
> db.auth("admin","passwd")
1
> use abc123
switched to db abc123
> db.createUser({"user":"abc","pwd":"123","roles":["readWrite"]})
Successfully added user: { "user" : "abc", "roles" : [ "readWrite" ] }
>
查看系统内用户信息
> use admin
switched to db admin
> db.system.users.find()
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" :
"3187df44c217d30c29494785321f996f" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "abc123.abc", "user" : "abc", "db" : "abc123", "credentials" : { "MONGODB-CR" :
"ecd40369f09cd19405cba88d9cab93df" }, "roles" : [ { "role" : "readWrite", "db" : "abc123" } ]
}
>
再次增加用户
> use abc123
switched to db abc123
> db.createUser({"user":"abcd","pwd":"321","roles":["readWrite"]})
Successfully added user: { "user" : "abcd", "roles" : [ "readWrite" ] }
>
再次查看系统内用户信息
> use admin
switched to db admin
> db.system.users.find()
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" :
"3187df44c217d30c29494785321f996f" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "abc123.abc", "user" : "abc", "db" : "abc123", "credentials" : { "MONGODB-CR" :
"ecd40369f09cd19405cba88d9cab93df" }, "roles" : [ { "role" : "readWrite", "db" : "abc123" } ]
}
{ "_id" : "abc123.abcd", "user" : "abcd", "db" : "abc123", "credentials" : { "MONGODB-CR" :
"10eb9fb6afcfb3e2b483e0d0c12f5b0a" }, "roles" : [ { "role" : "readWrite", "db" : "abc123" } ]
}
>
删除用户
> use abc123
switched to db abc123
> db.dropUser("abcd")
true
> use admin
switched to db admin
> db.system.users.find()
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" :
"3187df44c217d30c29494785321f996f" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "abc123.abc", "user" : "abc", "db" : "abc123", "credentials" : { "MONGODB-CR" :
"ecd40369f09cd19405cba88d9cab93df" }, "roles" : [ { "role" : "readWrite", "db" : "abc123" } ]
}
>
查看当前使用数据库
> db
abc123
>
查看当前数据库中所有用户信息
> show users
{
"_id" : "abc123.abc",
"user" : "abc",
"db" : "abc123",
"roles" : [
{
"role" : "readWrite",
"db" : "abc123"
}
]
}
>
查看当前数据库状态统计信息
> db.stats()
{
"db" : "abc123",
"collections" : 0,
"objects" : 0,
"avgObjSize" : 0,
"dataSize" : 0,
"storageSize" : 0,
"numExtents" : 0,
"indexes" : 0,
"indexSize" : 0,
"fileSize" : 0,
"dataFileVersion" : {
},
"ok" : 1
}
>
删除当前数据库(删除数据库前,应先删除数据库中的所有用户)
> use abc123
switched to db abc123
> db.dropUser("abc")
true
> db.dropDatabase()
{ "dropped" : "abc123", "ok" : 1 }
>
> use admin
switched to db admin
> show dbs
admin 0.078GB
local 0.078GB
test (empty)
>
查看mongodb版本信息
> db.version()
2.6.11
>
查看当前服务器连接对象
> db.getMongo()
connection to 127.0.0.1
>
修复当前数据库
> db.repairDatabase()
{ "ok" : 1 }
>
数据库加锁,解锁,查看锁状态(适用于执行备份)
加锁
> use admin
switched to db admin
> db.runCommand({fsync:1,lock:1})
{
"info" : "now locked against writes, use db.fsyncUnlock() to unlock",
"seeAlso" : "http://dochub.mongodb.org/core/fsynccommand",
"ok" : 1
}
> db.currentOp()
{
"inprog" : [ ],
"fsyncLock" : true,
"info" : "use db.fsyncUnlock() to terminate the fsync write/snapshot lock"
}
>
解锁
> db.$cmd.sys.unlock.findOne()
{ "ok" : 1, "info" : "unlock completed" }
> db.currentOp()
{ "inprog" : [ ] }
>
备份恢复
备份全库
[root@localhost ~]# mkdir backup
[root@localhost ~]# cd backup/
[root@localhost backup]# mongodump -u admin -p passwd
connected to: 127.0.0.1
2016-06-17T23:15:08.195+0800 all dbs
2016-06-17T23:15:08.195+0800 DATABASE: admin to dump/admin
2016-06-17T23:15:08.195+0800 admin.system.indexes to dump/admin/system.indexes.bson
2016-06-17T23:15:08.204+0800 3 documents
2016-06-17T23:15:08.204+0800 admin.system.users to dump/admin/system.users.bson
2016-06-17T23:15:08.204+0800 3 documents
2016-06-17T23:15:08.204+0800 Metadata for admin.system.users to
dump/admin/system.users.metadata.json
2016-06-17T23:15:08.204+0800 admin.system.version to dump/admin/system.version.bson
2016-06-17T23:15:08.205+0800 1 documents
2016-06-17T23:15:08.205+0800 Metadata for admin.system.version to
dump/admin/system.version.metadata.json
2016-06-17T23:15:08.205+0800 DATABASE: abc123 to dump/abc123
2016-06-17T23:15:08.218+0800 DATABASE: ssr to dump/ssr
[root@localhost backup]#
备份指定库
[root@localhost backup]# mongodump -u admin -p passwd -d abc123
恢复全库(进如备份目录)
[root@localhost backup]# mongorestore -u admin -p passwd --drop
恢复指定库(进入备份目录)
[root@localhost backup]# mongorestore -u admin -p passwd -d abc123 --drop
连接远程数据库命令参数和用法
mongo --username <username> --password <password> --host <host> --port 27017
mongo -u <username> -p <password> --host <host> --port 27017
mongo -u <username> -p <password> 192.168.2.222:27017/abc