installation:
apt-get install mongodb-org
forking warning… in /etc/mongod.conf:
processManagement: fork: true
forking true will cause the init script to lose track of the pid file after mongo starts… this means you can’t stop it with the init script anymore…
to restart mongodb DO NOT USE kill -9, use kill -15 or even better, reboot the whole server after changing “fork: false”
lines starting with > are mongo shell
lines starting with $ are bash shell
create a user:
> db.createUser( { user: "rick", pwd: "mysooperdifficultpassword", roles: [ { role: "root", db: "admin" } ] } )
update a user:
> db.updateUser( "rick", { roles : [ { role : "root", db : "admin" }, { role : "userAdminAnyDatabase", db : "admin" } ] } )
remove a user:
> db.dropUser("some_nerd") true
create a role:
> db.createRole({ role: "executeEval", privileges: [{ resource: { anyResource: true }, actions: ["anyAction"] }], roles: [] }) or $ mongo -u rick -p mysooperdifficultpassword --authenticationDatabase admin --quiet --eval "db.createRole({role:'executeEval',privileges:[{resource:{anyResource: true},actions:['anyAction']}],roles:[]})" admin
grant a role to a user:
> db.grantRolesToUser('admin', [{ role: 'executeEval', db: 'admin' }]) or $ mongo -u rick -p mysooperdifficultpassword --authenticationDatabase admin --quiet --eval "db.grantRolesToUser('rick',[{role:'executeEval',db:'admin'}])" admin
grant read permissions to a user on all dbs:
> db.createUser( { user: "myreadonlyuser", pwd: "wabalubadubdub", roles: [ { role: "readAnyDatabase", db: "admin" } ] } ) > db.updateUser( "readonly", { roles : [ { role : "readAnyDatabase", db : "admin" } ] } )
show users:
> show users { "_id" : "admin.rick", "user" : "rick", "db" : "admin", "roles" : [ { "role" : "executeEval", "db" : "admin" }, { "role" : "root", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" } ] } { "_id" : "admin.readonly", "user" : "readonly", "db" : "admin", "roles" : [ { "role" : "readAnyDatabase", "db" : "admin" } ] }
check if a specific user exists:
$ mongo -u rick -p mysooperdifficultpassword --authenticationDatabase admin --quiet --eval "db.system.users.find({user:'rick'}).count()" admin
show privileges associated to a role:
> use admin > db.getRole( "readAnyDatabase", { showPrivileges: true } ) { "role" : "readAnyDatabase", "db" : "admin", "isBuiltin" : true, "roles" : [ ], "inheritedRoles" : [ ], "privileges" : [ { "resource" : { "db" : "", "collection" : "" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "listCollections", "listIndexes", "planCacheRead" ] }, { "resource" : { "cluster" : true }, "actions" : [ "listDatabases" ] }, { "resource" : { "db" : "", "collection" : "system.indexes" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "listCollections", "listIndexes", "planCacheRead" ] }, { "resource" : { "db" : "", "collection" : "system.js" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "listCollections", "listIndexes", "planCacheRead" ] }, { "resource" : { "db" : "", "collection" : "system.namespaces" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "listCollections", "listIndexes", "planCacheRead" ] } ], "inheritedPrivileges" : [ { "resource" : { "db" : "", "collection" : "" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "listCollections", "listIndexes", "planCacheRead" ] }, { "resource" : { "cluster" : true }, "actions" : [ "listDatabases" ] }, { "resource" : { "db" : "", "collection" : "system.indexes" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "listCollections", "listIndexes", "planCacheRead" ] }, { "resource" : { "db" : "", "collection" : "system.js" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "listCollections", "listIndexes", "planCacheRead" ] }, { "resource" : { "db" : "", "collection" : "system.namespaces" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "killCursors", "listCollections", "listIndexes", "planCacheRead" ] } ] }
create a db:
> use c137 switched to db c137 > show dbs admin 0.000GB local 0.000GB > db.users.save( {username:"morty"} ) WriteResult({ "nInserted" : 1 }) > db.users.find() { "_id" : ObjectId("58dbc20a41fd06955db4cb64"), "username" : "morty" } > show dbs admin 0.000GB local 0.000GB c137 0.000GB
drop a db:
> use c137 switched to db c137 > db.runCommand( { dropDatabase: 1 } ) { "dropped" : "c137", "ok" : 1 } > show dbs admin 0.000GB local 0.000GB
take a db dump:
$ mongodump -u rick -p mysooperdifficultpassword --authenticationDatabase admin
this will by default dump everything to a folder called ‘dump’ in your current directory
restore a db dump:
$ mongorestore -u rick -p mysooperdifficultpassword --authenticationDatabase /path/to/dump