常用 mongo 命令
2016-10-20 by dongnan
举个栗子
进入 mongo shell
mongo 127.0.0.1
MongoDB shell version: 3.2.9
connecting to: test
当前数据库
> db
test
使用 admin 库
> use admin
switched to db admin
创建用户
# 超级用户
> db.createUser({user:'root',pwd:'password', roles:[{role:'userAdminAnyDatabase', db:'admin'}]})
# 库管理员
> use demo
> db.createUser({user:'demo',pwd:'zongming.net',roles:[{role:"dbOwner",db:"demo"}]})
认证用户
> db.auth('root','zongming.net')
#0:代表授权失败, 1:代表授权成功
列出所有库
> show dbs;
admin 0.000GB
local 0.000GB
# 刚创建的数据库不在数据库的列表中,这是因为数据库中还没有插入一些数据。
列出所有用户
> show users;
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
删除账户
> db.removeUser('demo')
WARNING: db.removeUser has been deprecated, please use db.dropUser instead
true
更改账户密码
> db.changeUserPassword('demo','zongming.net')
权限配置问题
问题描述
使用 dbadmin 权限插入数据,提示 not authorized on test to execute command
解决方法
添加读写权限
使用库
use admin
授权
db.grantRolesToUser("dongnan",["readWrite"])
验证
db.getUser('dongnan')
{
"_id" : "dongnan.dongnan",
"user" : "dongnan",
"db" : "dongnan",
"roles" : [
{
"role" : "readWrite",
"db" : "dongnan"
},
{
"role" : "dbAdmin",
"db" : "dongnan"
}
]
}
验证权限
use dongnan
db.auth('dongnan','password')
db.spider_engine.insert({"name":"test","code":""})
登录远程服务器
例子,登录远程 mongodb 服务器
mongo mongo_server_ip/admin -u dongnan -p
命令参数
mongo --help
MongoDB shell version: 3.2.9
usage: mongo [options] [db address] [file names (ending in .js)]
db address can be:
foo foo database on local machine
192.169.0.5/foo foo database on 192.168.0.5 machine
192.169.0.5:9999/foo foo database on 192.168.0.5 machine on port 9999
Options:
--shell run the shell after executing files
--nodb don't connect to mongod on startup - no
'db address' arg expected
--norc will not run the ".mongorc.js" file on
start up
--quiet be less chatty
--port arg port to connect to
--host arg server to connect to
--eval arg evaluate javascript
-h [ --help ] show this usage information
--version show version information
--verbose increase verbosity
--ipv6 enable IPv6 support (disabled by default)
--disableJavaScriptJIT disable the Javascript Just In Time
compiler
--enableJavaScriptProtection disable automatic JavaScript function
marshalling
--ssl use SSL for all connections
--sslCAFile arg Certificate Authority file for SSL
--sslPEMKeyFile arg PEM certificate/key file for SSL
--sslPEMKeyPassword arg password for key in PEM file for SSL
--sslCRLFile arg Certificate Revocation List file for SSL
--sslAllowInvalidHostnames allow connections to servers with
non-matching hostnames
--sslAllowInvalidCertificates allow connections to servers with invalid
certificates
--sslFIPSMode activate FIPS 140-2 mode at startup
Authentication Options:
-u [ --username ] arg username for authentication
-p [ --password ] arg password for authentication
--authenticationDatabase arg user source (defaults to dbname)
--authenticationMechanism arg authentication mechanism
--gssapiServiceName arg (=mongodb) Service name to use when authenticating
using GSSAPI/Kerberos
--gssapiHostName arg Remote host name to use for purpose of
GSSAPI/Kerberos authentication