本文详细介绍了如何在MongoDB中添加root用户并配置安全授权,包括无密码启动、创建超级管理员账户、修改配置文件以启用身份验证,并提供了一个完整的配置示例。此外,还提到了Redis的安全设置,如修改配置接收所有IP请求及设置强密码。
mongodb
首先默认无密码启动
1 添加root用户:
db.createUser(
{
user: "root",
pwd: "password",
roles: [{"role":"root","db":"admin"}],
/* All built-in Roles
Database User Roles: read|readWrite
Database Admin Roles: dbAdmin|dbOwner|userAdmin
Cluster Admin Roles: clusterAdmin|clusterManager|clusterMonitor|hostManager
Backup and Restoration Roles: backup|restore
All-Database Roles: readAnyDatabase|readWriteAnyDatabase|userAdminAnyDatabase|dbAdminAnyDatabase
Superuser Roles: root
*/
// authenticationRestrictions: [ {
// clientSource: ["192.168.0.0"],
// serverAddress: ["xxx.xxx.xxx.xxx"]
// } ],
//mechanisms: [ "<SCRAM-SHA-1|SCRAM-SHA-256>", ... ],
//passwordDigestor: "<server|client>"
}
)
2 修改配置:
security:
authorization: enabled
javascriptEnabled: false
net:
port: 27017
bindIp: 0.0.0.0
完整配置如下:
## content
systemLog:
destination: file
logAppend: true
path: /www/server/mongodb/log/config.log
# Where and how to store data.
storage:
dbPath: /www/server/mongodb/data
directoryPerDB: true
journal:
enabled: true
# how the process runs
processManagement:
fork: true
pidFilePath: /www/server/mongodb/log/configsvr.pid
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0
#operationProfiling:
#replication:
# replSetName: bt_main
security:
authorization: enabled
javascriptEnabled: false
#sharding:
# clusterRole: shardsvr
- 重启数据库
redis
- 找到config文件 注释掉 bind 127.0.0.1 接收来自所有ip的请求
- 找到配置文件中 requirepass 配置成自己想要的密码
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
requirepass 2343d(^$@!)
问题
- 可能需要开放服务器的相应端口 (云服务器安全组、或者宝塔安全配置)
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
