How to start the Mongo daemon with auth support

I would like to start the MongoDB daemon with auth support using the Mongo init script:

sudo /etc/init.d/mongod start 

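I have also already added database users to the databases to authenticate with. I am working with two files: /etc/init.d/mongod (for init) and /etc/mongod.conf (for configuration).

    #mongod.conf:
    dbpath=/var/lib/mongodb
    logappend=true
    port = 27017
    auth = true

The non-daemon method starts the process correctly with the --auth flag: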

 mongod --auth 

Forking works, but this does not use the init script:

 mongod --fork --auth --logpath /var/log/mongod.log 

Having read all the documentation and related posts, there does not seem to be any working solution for getting auth support with

 service mongod start 

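Links:

  • Strange behavior starting a process with an init script
  • http://docs.mongodb.org/manual/administration/configuration/
  • Setting up mongodb via upstart: how to pass options?

Update: I reinstalled Debian / Mongo and was able to use service mongod start with auth = true in the conf file. I probably broke something during the initial install/configuration.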

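I just tested a fresh Debian 7 install together with a fresh install of MongoDB. I first added a user (adam), then edited the /etc/mongod.conf file to uncomment the auth = true line. I then issued the service mongod restart command and tried to log in as that user, which succeeded. I also tried incorrect credentials, which failed. So authentication seems to work just fine, and there is no obvious problem with using the configuration file to enable authentication.

So, a couple of questions:

  • How are you testing that authentication is enabled?
  • Do you have multiple lines in your configuration file that could be giving auth / noauth statements?

For reference, here is most of my testing, with the feedback from the shell etc.

First, the install and the setup of the initial user: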

    root@deb7:~# apt-get install mongodb-org
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
      mongodb-org-mongos mongodb-org-server mongodb-org-shell mongodb-org-tools
    The following NEW packages will be installed:
      mongodb-org mongodb-org-mongos mongodb-org-server mongodb-org-shell mongodb-org-tools
    0 upgraded, 5 newly installed, 0 to remove and 20 not upgraded.
    Need to get 114 MB of archives.
    After this operation, 287 MB of additional disk space will be used.
    Do you want to continue [Y/n]?
    ** SNIP for brevity**
    Setting up mongodb-org-shell (2.6.1) ...
    Setting up mongodb-org-server (2.6.1) ...
    Adding system user `mongodb' (UID 104) ...
    Adding new user `mongodb' (UID 104) with group `nogroup' ...
    Not creating home directory `/home/mongodb'.
    Adding group `mongodb' (GID 107) ...
    Done.
    Adding user `mongodb' to group `mongodb' ...
    Adding user mongodb to group mongodb
    Done.
    [ ok ] Starting database: mongod.
    Setting up mongodb-org-mongos (2.6.1) ...
    Setting up mongodb-org-tools (2.6.1) ...
    Setting up mongodb-org (2.6.1) ...
    root@deb7:~# mongo
    MongoDB shell version: 2.6.1
    connecting to: test
    Welcome to the MongoDB shell.
    For interactive help, type "help".
    For more comprehensive documentation, see
        http://docs.mongodb.org/
    Questions? Try the support group
        http://groups.google.com/group/mongodb-user
    > use admin
    switched to db admin
    > db.createUser(
    ... {
    ...   user: "adam",
    ...   pwd: "password123",
    ...   roles:
    ...   [
    ...     {
    ...       role: "userAdminAnyDatabase",
    ...       db: "admin"
    ...     }
    ...   ]
    ... }
    ... )
    Successfully added user: {
        "user" : "adam",
        "roles" : [
            {
                "role" : "userAdminAnyDatabase",
                "db" : "admin"
            }
        ]
    }

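Next, I edited the /etc/mongod.conf file and removed the # that was commenting out auth = true (I made no other changes). I saved the file and then restarted the service. Next, I connected as the user I had added and verified that I had the correct privileges: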

    root@deb7:~# vim /etc/mongod.conf
    root@deb7:~# service mongod restart
    [ ok ] Restarting database: mongod.
    root@deb7:~# mongo -u adam -p password123 --authenticationDatabase admin
    MongoDB shell version: 2.6.1
    connecting to: test
    Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }

As you can see, the user I added does not have the privileges to view the startup warnings, but just to be sure, I checked the privileges:

    > use admin
    switched to db admin
    > db.runCommand( { usersInfo:"adam", showPrivileges:true } )
    {
        "users" : [
            {
                "_id" : "admin.adam",
                "user" : "adam",
                "db" : "admin",
                "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ],
                "inheritedRoles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ],
                "inheritedPrivileges" : [
                    {
                        "resource" : { "db" : "", "collection" : "" },
                        "actions" : [ "changeCustomData", "changePassword", "createRole", "createUser", "dropRole", "dropUser", "grantRole", "revokeRole", "viewRole", "viewUser" ]
                    },
                    {
                        "resource" : { "cluster" : true },
                        "actions" : [ "authSchemaUpgrade", "invalidateUserCache", "listDatabases" ]
                    },
                    {
                        "resource" : { "db" : "", "collection" : "system.users" },
                        "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ]
                    },
                    {
                        "resource" : { "db" : "admin", "collection" : "system.users" },
                        "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ]
                    },
                    {
                        "resource" : { "db" : "admin", "collection" : "system.roles" },
                        "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ]
                    },
                    {
                        "resource" : { "db" : "admin", "collection" : "system.version" },
                        "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ]
                    },
                    {
                        "resource" : { "db" : "admin", "collection" : "system.new_users" },
                        "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ]
                    },
                    {
                        "resource" : { "db" : "admin", "collection" : "system.backup_users" },
                        "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "planCacheRead" ]
                    }
                ]
            }
        ],
        "ok" : 1
    }

Just for completeness, here is an authentication failure:

    root@deb7:~# mongo -u root -p 12345678 --authenticationDatabase admin
    MongoDB shell version: 2.6.1
    connecting to: test
    2014-05-11T18:04:39.793+0100 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1210
    exception: login failed

Edit /etc/mongod.conf and add a line as follows:

For mongo < 3.0

auth=true

Then:

service mongod restart

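For mongo 3.x, add this to the configuration:

    security:
      authorization: "enabled"

This worked for me (using mongo 3.2): edit /etc/mongod.conf and add:

    security:
      authorization: enabled

Similar to the other answer, but without quoting "enabled".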
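
An added example, not part of the original posts: a static check for the question raised in the first answer (several lines giving contradictory auth / noauth statements) that also reads the YAML form from the later answers. The function name mongod_auth_state and the sample file contents are constructed for illustration; only block-style YAML and true/false values in the legacy form are handled.

```shell
#!/usr/bin/env bash
# Added example: report what a mongod config file says about access control.
# mongod_auth_state is a hypothetical helper name, not part of MongoDB.
# Prints one of: enabled | disabled | conflict | unset
mongod_auth_state() {
    awk '
        # Drop comments and trailing whitespace, skip blank lines.
        { sub(/#.*/, ""); sub(/[ \t\r]+$/, "") }
        /^[ \t]*$/ { next }

        # Legacy INI form (mongo < 3.0): auth = true / noauth = true
        /^[ \t]*(auth|noauth)[ \t]*=/ {
            split($0, kv, "=")
            key = kv[1]; val = tolower(kv[2])
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "auth" && val == "true") yes++
            else if (key == "auth" || val == "true") no++  # auth=false, noauth=true
            next
        }

        # YAML form (mongo 3.x): "authorization:" nested under "security:"
        /^[^ \t]/ { in_sec = ($0 == "security:"); next }
        in_sec && /^[ \t]+authorization:/ {
            val = tolower($0)
            sub(/^[^:]*:/, "", val); gsub(/[^a-z]/, "", val)  # strip quotes/spaces
            if (val == "enabled") yes++; else no++
        }

        END {
            if (yes && no) print "conflict"
            else if (yes)  print "enabled"
            else if (no)   print "disabled"
            else           print "unset"
        }
    ' "$1"
}

# Constructed sample: a legacy config whose lines contradict each other.
sample=$(mktemp)
printf 'dbpath=/var/lib/mongodb\nauth = true\nnoauth = true\n' > "$sample"
mongod_auth_state "$sample"   # prints: conflict
rm -f "$sample"
```

This only shows what the file asks for. The runtime check is the one in the first answer: connect with wrong credentials and confirm that the login fails.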