创建有权读取本地数据库的mongo用户

Question

我想创建一个可以读取本地数据库的mongo用户。我尝试在本地数据库上使用命令：

db.createUser(
    {  user: "readonlyuser", pwd: "loh8Ephi", 
    roles: [ { role: "read", db: "local" } ] 
}) 

但是 - 它不起作用。我收到：

connecting to: local 
2015-12-21T14:08:07.904+0100 Error: couldn't add user: Cannot create users in the local database at src/mongo/shell/db.js:1054 

我试图创建针对管理数据库用户：

> use admin 
switched to db admin 
> db.createUser(
... {  user: "readonlyuser", pwd: "loh8Ephi", roles: [ { role: "read", db: "local" } ] }) 

Successfully added user: { 
"user" : "readonlyuser", 
"roles" : [ 
    { 
     "role" : "read", 
     "db" : "local" 
    } 
] 

，现在我尝试连接：

undefine@machine:~$ mongo -u readonlyuser -p loh8Ephi local 
MongoDB shell version: 2.6.11 
connecting to: local 
2015-12-21T15:35:19.190+0100 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1292 
exception: login failed 

如何创建谁拥有只读用户只能访问本地数据库？

Answer 1

根据documentation，您不能在本地数据库上创建用户。相反，你可以对admin数据库运行createUser查询：

use admin 
db.createUser(
{  user: "readonlyuser", pwd: "loh8Ephi", 
    roles: [ { role: "read", db: "local" } ] 
}) 

请注意，您必须在连接时对admin数据库进行身份验证。

Answer 2

我会做类似下面

use admin 
db.getSiblingDB("local").runCommand({ "createUser" : "mongoread", "pwd": "read0nly", "customData" : { "description": "mongo readonly user" }, "roles" : [ {"role" : "read","db" : "local"}] },{ w: "majority" , wtimeout: 5000 });