本文为工作日志,解决当打开MongoDB的 --auth 以后,致使没法使用 db.eval() 的问题。
问题描写:
使用--auth启动MongoDB,登录成功后,履行db.eval,报以下毛病:
> db.eval('return 1111')
2015-03-04T15:18:54.062+0800 {
"ok" : 0,
"errmsg" : "not authorized on test to execute command { $eval: "return 1111" }",
"code" : 13
} at src/mongo/shell/db.js:403
>
解决方案:
在官网 http://docs.mongodb.org/manual/reference/command/eval/#dbcmd.eval 有1段描写:
If authorization is enabled, you must have access to all actions on all resources in order to run eval.
Providing such access is not recommended, but if your organization requires a user to run eval,
create a role that grants anyAction on anyResource.
Do not assign this role to any other user.
解决步骤:
1)不带--auth参数启动数据库,所以不需要帐号便可连上MongoDB。
2)新建1个角色,比如叫 sysadmin,需要先切换到admin库进行以下操作:
> use admin
switched to db admin
> db.createRole({role:'sysadmin',roles:[],
... privileges:[
... {resource:{anyResource:true},actions:['anyAction']}
... ]})
3)然后,新建1个用户,使用这个角色,注意,这个角色的db是admin,操作以下:
> use woplus
switched to db woplus
> db.createUser({
... user:'woplus',
... pwd:'wo@1990',
... roles:[
... {role:'sysadmin',db:'admin'}
... ]})
4)OK,我们看看效果。先看看用户情况,以下:
> use admin
switched to db admin
> db.system.users.find()
{ "_id" : "admin.root", "user" : "root", "db" : "admin", "credentials" : { "MONGODB-CR" : "dfda4d4e75995650c3e1b3f2b65b1920" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "woplus.woplus", "user" : "woplus", "db" : "woplus", "credentials" : { "MONGODB-CR" : "bcabae4fe4d7951fad37cb2d099437e8" }, "roles" : [ { "role" : "sysadmin", "db" : "admin" } ] }
然后,我们重启
数据库,加上 --auth 参数。
再从客户端使用帐号登录MongoDB。
./mongo -u woplus -p wo@1990 192.168.1.84/woplus
MongoDB shell version: 2.6.8
connecting to: 192.168.1.84/woplus
>
> use woplus
switched to db woplus
> db.eval('return 222')
222