目录

MongoDB 安全

网络隔离

  • 内网外网

防火墙配置

  • 只允许指定ip访问MongoDB服务

用户名 密码

开启auth

  • 配置文件中加上

auth = true
  • 创建用户

{
    user:<name>,
    pwd:<password>,
    customData:<any information>,
    roles:[
        {
            role:<role>,
            db:<database>,
        }
    ]
}

# <role> : read , readWrite , dbAdmin , dbOwner , userAdmin

# 示例
> db.createUser({user:"cky",pwd:"Cky951010",roles:[{role:"userAdmin",db:"admin"},{role:"readWrite",db:"test"}]});
Successfully added user: {
    "user" : "cky",
    "roles" : [
        {
            "role" : "userAdmin",
            "db" : "admin"
        },
        {
            "role" : "readWrite",
            "db" : "test"
        }
    ]
}

MongoDB用户角色

数据库角色

  • read

  • readWrite

  • dbAdmin

  • dbOwner

  • userAdmin

集群角色

  • clusterAdmin

  • clusterManager

备份角色

  • backup

  • restore

其他特殊权限角色

  • DBAdminAnyDatabase

自定义用户角色

db.createRole({
    _id : "myApp.appUser",
    role: "appUser",
    privileges : [
        {
            resource : {db:"myApp",collection:""},
            actions : ["find","createCollection","dbStats","collStats"]
        },
        {
            resource : {db:"myApp",collection:"logs"},
            actions : ["insert"]
        }
    ] 
});