How to start the Mongo daemon with authentication support

Sco*_*tt 6 daemon authentication mongodb

I want to start the MongoDB daemon with auth support using the Mongo init script:

sudo /etc/init.d/mongod start

I have also added db users to the database for authentication. I am working with two files: /etc/init.d/mongod (for init) and /etc/mongod.conf (for configuration).

#mongod.conf:
dbpath=/var/lib/mongodb
logappend=true
port = 27017 
auth = true

The non-daemon approach starts the process correctly with the --auth flag:

mongod --auth

Forking works, but this does not use the init script:

mongod --fork --auth --logpath /var/log/mongod.log

Having read all the documentation and related posts, it seems nobody has a working solution for getting authentication support from

service mongod start

Links:

Update: I reinstalled Debian/Mongo and was able to use service mongod start with auth = true in the conf file. I probably broke something during the initial installation/configuration.

Ada*_*m C 4

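I just tested this with a fresh install of Debian 7 and a fresh install of MongoDB. I first added a user (adam), then edited the file /etc/mongod.conf to uncomment the auth = true line. I then issued the service mongod restart command and tried to log in as the user, and succeeded - I also tried incorrect credentials and failed. So authentication appears to be working just fine, and there are no apparent problems with using the config file to specify that auth is enabled.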

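So, a couple of questions:

  • How are you testing that authentication is enabled?
  • Is it possible that your config file has more than one line containing an auth/noauth statement?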

For reference, here is most of my testing, along with the feedback from the shell etc.

First, install and set up the initial user:

root@deb7:~# apt-get install mongodb-org
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  mongodb-org-mongos mongodb-org-server mongodb-org-shell mongodb-org-tools
The following NEW packages will be installed:
  mongodb-org mongodb-org-mongos mongodb-org-server mongodb-org-shell
  mongodb-org-tools
0 upgraded, 5 newly installed, 0 to remove and 20 not upgraded.
Need to get 114 MB of archives.
After this operation, 287 MB of additional disk space will be used.
Do you want to continue [Y/n]? 
** SNIP  for brevity** 
Setting up mongodb-org-shell (2.6.1) ...
Setting up mongodb-org-server (2.6.1) ...
Adding system user `mongodb' (UID 104) ...
Adding new user `mongodb' (UID 104) with group `nogroup' ...
Not creating home directory `/home/mongodb'.
Adding group `mongodb' (GID 107) ...
Done.
Adding user `mongodb' to group `mongodb' ...
Adding user mongodb to group mongodb
Done.
[ ok ] Starting database: mongod.
Setting up mongodb-org-mongos (2.6.1) ...
Setting up mongodb-org-tools (2.6.1) ...
Setting up mongodb-org (2.6.1) ...
root@deb7:~# mongo
MongoDB shell version: 2.6.1
connecting to: test
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
    http://docs.mongodb.org/
Questions? Try the support group
    http://groups.google.com/group/mongodb-user
> use admin
switched to db admin
> db.createUser(
...   {
...     user: "adam",
...     pwd: "password123",
...     roles:
...     [
...       {
...         role: "userAdminAnyDatabase",
...         db: "admin"
...       }
...     ]
...   }
... )                           
Successfully added user: {
    "user" : "adam",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
}

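Next, I edited the /etc/mongod.conf file and removed the # that was commenting out auth = true (I made no other changes). I saved the file and then restarted the service. Next, I connected as the user I had added and verified that I had the correct privileges: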

root@deb7:~# vim /etc/mongod.conf 
root@deb7:~# service mongod restart
[ ok ] Restarting database: mongod.
root@deb7:~# mongo -u adam -p password123 --authenticationDatabase admin
MongoDB shell version: 2.6.1
connecting to: test
Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }

As you can see, the user I added does not have the privileges to view the startup warnings, but just to be sure, I checked the privileges:

> use admin
switched to db admin
> db.runCommand(   {     usersInfo:"adam",     showPrivileges:true   } )
{
    "users" : [
        {
            "_id" : "admin.adam",
            "user" : "adam",
            "db" : "admin",
            "roles" : [
                {
                    "role" : "userAdminAnyDatabase",
                    "db" : "admin"
                }
            ],
            "inheritedRoles" : [
                {
                    "role" : "userAdminAnyDatabase",
                    "db" : "admin"
                }
            ],
            "inheritedPrivileges" : [
                {
                    "resource" : {
                        "db" : "",
                        "collection" : ""
                    },
                    "actions" : [
                        "changeCustomData",
                        "changePassword",
                        "createRole",
                        "createUser",
                        "dropRole",
                        "dropUser",
                        "grantRole",
                        "revokeRole",
                        "viewRole",
                        "viewUser"
                    ]
                },
                {
                    "resource" : {
                        "cluster" : true
                    },
                    "actions" : [
                        "authSchemaUpgrade",
                        "invalidateUserCache",
                        "listDatabases"
                    ]
                },
                {
                    "resource" : {
                        "db" : "",
                        "collection" : "system.users"
                    },
                    "actions" : [
                        "collStats",
                        "dbHash",
                        "dbStats",
                        "find",
                        "killCursors",
                        "planCacheRead"
                    ]
                },
                {
                    "resource" : {
                        "db" : "admin",
                        "collection" : "system.users"
                    },
                    "actions" : [
                        "collStats",
                        "dbHash",
                        "dbStats",
                        "find",
                        "killCursors",
                        "planCacheRead"
                    ]
                },
                {
                    "resource" : {
                        "db" : "admin",
                        "collection" : "system.roles"
                    },
                    "actions" : [
                        "collStats",
                        "dbHash",
                        "dbStats",
                        "find",
                        "killCursors",
                        "planCacheRead"
                    ]
                },
                {
                    "resource" : {
                        "db" : "admin",
                        "collection" : "system.version"
                    },
                    "actions" : [
                        "collStats",
                        "dbHash",
                        "dbStats",
                        "find",
                        "killCursors",
                        "planCacheRead"
                    ]
                },
                {
                    "resource" : {
                        "db" : "admin",
                        "collection" : "system.new_users"
                    },
                    "actions" : [
                        "collStats",
                        "dbHash",
                        "dbStats",
                        "find",
                        "killCursors",
                        "planCacheRead"
                    ]
                },
                {
                    "resource" : {
                        "db" : "admin",
                        "collection" : "system.backup_users"
                    },
                    "actions" : [
                        "collStats",
                        "dbHash",
                        "dbStats",
                        "find",
                        "killCursors",
                        "planCacheRead"
                    ]
                }
            ]
        }
    ],
    "ok" : 1
}                                        

For completeness, here is an authentication failure case:

root@deb7:~# mongo -u root -p 12345678 --authenticationDatabase admin
MongoDB shell version: 2.6.1
connecting to: test
2014-05-11T18:04:39.793+0100 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1210
exception: login failed   
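
The second question in the answer above (more than one auth/noauth line in the config file) can be checked mechanically. The following is an added example, not part of the original answer: the function name audit_mongod_auth and the sample files are hypothetical, and it assumes the legacy key = value mongod.conf format shown in the question.

```shell
#!/bin/sh
# Added example: audit a legacy ini-style mongod.conf for auth/noauth lines.
# Prints every active (uncommented) auth/noauth line, then a verdict.
# Exit status: 0 = ENABLED, 1 = DISABLED, 2 = AMBIGUOUS, 3 = unreadable file.
audit_mongod_auth() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 3; }
    awk '
        { line = $0
          sub(/#.*/, "", line)        # drop whole-line and trailing comments
          gsub(/[ \t\r]/, "", line)   # "auth = true" -> "auth=true"
          line = tolower(line) }
        line ~ /^(auth|noauth)=/ {
          n++
          printf "line %d: %s\n", NR, line
          if (line == "auth=true") on++
        }
        END {
          # More than one active line is reported rather than guessed at:
          # clean the file up so exactly one statement remains.
          if (n > 1)   { print "AMBIGUOUS"; exit 2 }
          if (on == 1) { print "ENABLED";   exit 0 }
          print "DISABLED"; exit 1
        }' "$conf"
}

# Constructed sample configs (written to a temp dir, not real server files).
make_samples() {
    dir=$(mktemp -d)
    printf 'dbpath=/var/lib/mongodb\nlogappend=true\nport = 27017 \nauth = true\n' \
        > "$dir/ok.conf"
    printf 'dbpath=/var/lib/mongodb\n#auth = true\n' > "$dir/commented.conf"
    printf 'noauth = true\nport = 27017\nauth = true\n' > "$dir/conflict.conf"
    echo "$dir"
}

samples=$(make_samples)
for f in ok commented conflict; do
    echo "== $f.conf"
    audit_mongod_auth "$samples/$f.conf" || true
done
```

A config check only shows what mongod was told to do; the login tests in the answer (valid credentials accepted, wrong credentials rejected) remain the confirmation that the running daemon enforces it.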