跳转至

常用 mongo 命令


2016-10-20 by dongnan

举个栗子

进入 mongo shell

mongo 127.0.0.1
MongoDB shell version: 3.2.9
connecting to: test

当前数据库

> db
test

使用 admin

> use admin
switched to db admin

创建用户

# 超级用户
> db.createUser({user:'root',pwd:'password', roles:[{role:'userAdminAnyDatabase', db:'admin'}]})

# 库管理员
> use demo
> db.createUser({user:'demo',pwd:'zongming.net',roles:[{role:"dbOwner",db:"demo"}]})

认证用户

> db.auth('root','zongming.net')
#0:代表授权失败, 1:代表授权成功

列出所有库

> show dbs;
admin  0.000GB

local  0.000GB
# 刚创建的数据库不在数据库的列表中,这是因为数据库中还没有插入一些数据。

列出所有用户

> show users;
{
    "_id" : "admin.root",
    "user" : "root",
    "db" : "admin",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
}

删除账户

> db.removeUser('demo')
WARNING: db.removeUser has been deprecated, please use db.dropUser instead
true

更改账户密码

> db.changeUserPassword('demo','zongming.net')

权限配置问题

问题描述

使用 dbadmin 权限插入数据,提示 not authorized on test to execute command

解决方法

添加读写权限

使用库
use admin

授权
db.grantRolesToUser("dongnan",["readWrite"])

验证
db.getUser('dongnan')
{
    "_id" : "dongnan.dongnan",
    "user" : "dongnan",
    "db" : "dongnan",
    "roles" : [
        {
            "role" : "readWrite",
            "db" : "dongnan"
        },
        {
            "role" : "dbAdmin",
            "db" : "dongnan"
        }
    ]
}

验证权限

use dongnan
db.auth('dongnan','password')
db.spider_engine.insert({"name":"test","code":""})

登录远程服务器

例子,登录远程 mongodb 服务器

mongo mongo_server_ip/admin -u dongnan -p

命令参数

mongo --help
MongoDB shell version: 3.2.9
usage: mongo [options] [db address] [file names (ending in .js)]
db address can be:
  foo                   foo database on local machine
  192.169.0.5/foo      foo database on 192.168.0.5 machine
  192.169.0.5:9999/foo  foo database on 192.168.0.5 machine on port 9999
Options:
  --shell                             run the shell after executing files
  --nodb                              don't connect to mongod on startup - no
                                      'db address' arg expected
  --norc                              will not run the ".mongorc.js" file on
                                      start up
  --quiet                             be less chatty
  --port arg                          port to connect to
  --host arg                          server to connect to
  --eval arg                          evaluate javascript
  -h [ --help ]                       show this usage information
  --version                           show version information
  --verbose                           increase verbosity
  --ipv6                              enable IPv6 support (disabled by default)
  --disableJavaScriptJIT              disable the Javascript Just In Time
                                      compiler
  --enableJavaScriptProtection        disable automatic JavaScript function
                                      marshalling
  --ssl                               use SSL for all connections
  --sslCAFile arg                     Certificate Authority file for SSL
  --sslPEMKeyFile arg                 PEM certificate/key file for SSL
  --sslPEMKeyPassword arg             password for key in PEM file for SSL
  --sslCRLFile arg                    Certificate Revocation List file for SSL
  --sslAllowInvalidHostnames          allow connections to servers with
                                      non-matching hostnames
  --sslAllowInvalidCertificates       allow connections to servers with invalid
                                      certificates
  --sslFIPSMode                       activate FIPS 140-2 mode at startup

Authentication Options:
  -u [ --username ] arg               username for authentication
  -p [ --password ] arg               password for authentication
  --authenticationDatabase arg        user source (defaults to dbname)
  --authenticationMechanism arg       authentication mechanism
  --gssapiServiceName arg (=mongodb)  Service name to use when authenticating
                                      using GSSAPI/Kerberos
  --gssapiHostName arg                Remote host name to use for purpose of
                                      GSSAPI/Kerberos authentication

扩展

如何创建 Mongodb 容器?

参考

The mongo Shell

欢迎关注微信公众号: 运维录

Back to top