# Chapter 5: MongoDB Security

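Tags (space-separated): mongoDB

1. MongoDB security overview
2. Physical isolation and network isolation
3. IP whitelist isolation
4. Username and password authentication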

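### MongoDB security overview

1. Physical isolation is the most secure, but it is not realistic
2. Network isolation comes next
3. A firewall comes after that
4. Username and password authentication comes last

By default, MongoDB does not enable access control (authentication). It can be enabled in one of two ways:

1. Enable with `auth`
2. Enable with a keyfile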

#### Enabling with auth

1. Edit the startup configuration file and add the parameter that enables authentication

   ```
   port = 12345
   # A relative or an absolute path can be used; a relative path is used here
   dbpath = data
   logpath = log/mongod.log
   fork = true
   # Enable authentication
   auth = true
   ```
2. Add a user with `createUser`

   ```javascript
   {user:"<username>",pwd:"<password>",customData:{<info>},roles:[{role:"<role>",db:"<database>"}]}
   ```

   Role types: built-in roles (read < readWrite < dbAdmin < dbOwner < userAdmin)

```
> use admin
switched to db admin
> db.createUser({user:"root",pwd:"123456",customData:{age:18,addr:"shanxi"},roles:[{role:"userAdmin",db:"admin"}]})
Successfully added user: {
    "user" : "root",
    "customData" : {
        "age" : 18,
        "addr" : "shanxi"
    },
    "roles" : [
        {
            "role" : "userAdmin",
            "db" : "admin"
        }
    ]
}
>
```
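
An added example, not code from the original page: a small Node.js check that parses the legacy `key = value` config format shown above and reports whether access control is enabled through either of the two methods (`auth` or `keyFile`). The function names and the keyfile path are assumptions made for the example.

```javascript
// Added example; function names are hypothetical. auth and keyFile are mongod options.

// Parse a legacy "key = value" mongod config, skipping blanks and '#' comments.
function parseMongodConf(text) {
  const opts = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq === -1) continue; // not a key = value line
    opts.set(line.slice(0, eq).trim(), line.slice(eq + 1).trim());
  }
  return opts;
}

// Report whether access control is on, and through which of the two methods.
// Assumption of this example: only the literal value "true" counts as enabled.
function auditAccessControl(text) {
  const opts = parseMongodConf(text);
  const authOn = (opts.get("auth") || "").toLowerCase() === "true";
  const keyFile = opts.get("keyFile") || "";
  const method = authOn ? "auth" : keyFile ? "keyFile" : null;
  const findings = [];
  if (method === null) {
    findings.push("access control is off: set auth = true or configure keyFile");
  }
  return { enabled: method !== null, method, findings };
}

// Constructed sample inputs. PAGE_CONF mirrors the config shown above.
const PAGE_CONF = `port = 12345
dbpath = data
logpath = log/mongod.log
fork = true
# enable authentication
auth = true`;
// Same file with the auth line commented out: the default, unauthenticated state.
const COMMENTED_OUT = PAGE_CONF.replace("auth = true", "#auth = true");
// The keyfile path below is a placeholder.
const KEYFILE_CONF = COMMENTED_OUT + "\nkeyFile = /path/to/keyfile";

for (const [name, conf] of [["page", PAGE_CONF], ["commented", COMMENTED_OUT],
                            ["keyfile", KEYFILE_CONF]]) {
  console.log(name, JSON.stringify(auditAccessControl(conf)));
}
```
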

#### MongoDB user roles in detail

1. Database roles (read, readWrite, dbAdmin, dbOwner, userAdmin)
2. Cluster roles (clusterAdmin, clusterManager...)
3. Backup roles (backup, restore...)
4. Other special privileges (dbAdminAnyDatabase...)

