search by tags

for the user

adventures into the land of the command line

mongodb cheatsheet

installation:

apt-get install mongodb-org

forking warning… in /etc/mongod.conf:

    processManagement:
        fork: true

forking true will cause the init script to lose track of the pid file after mongo starts… this means you can’t stop it with the init script anymore…

to restart mongodb DO NOT USE kill -9, use kill -15 or even better, reboot the whole server after changing “fork: false”

lines starting with > are mongo shell
lines starting with $ are bash shell

create a user:

> db.createUser(
  {
    user: "rick",
    pwd: "mysooperdifficultpassword",
    roles: [ { role: "root", db: "admin" } ]
  }
)

update a user:

> db.updateUser(
  "rick",
    {
      roles : [
                { role : "root", db : "admin"  },
                { role : "userAdminAnyDatabase", db : "admin"  }
              ]
     }
)

remove a user:

> db.dropUser("some_nerd")
true

create a role:

> db.createRole({
    role: "executeEval",
    privileges: [{
        resource: {
            anyResource: true
        },
        actions: ["anyAction"]
    }],
    roles: []
})

or

$ mongo -u rick -p mysooperdifficultpassword --authenticationDatabase admin --quiet --eval "db.createRole({role:'executeEval',privileges:[{resource:{anyResource: true},actions:['anyAction']}],roles:[]})" admin

grant a role to a user:

> db.grantRolesToUser('admin',
[{
    role: 'executeEval',
    db: 'admin'
}])

or

$ mongo -u rick -p mysooperdifficultpassword --authenticationDatabase admin --quiet --eval "db.grantRolesToUser('rick',[{role:'executeEval',db:'admin'}])" admin

grant read permissions to a user on all dbs:

> db.createUser(
  {
    user: "myreadonlyuser",
    pwd: "wabalubadubdub",
    roles: [ { role: "readAnyDatabase", db: "admin" } ]
  }
)

> db.updateUser(
  "readonly",
    {
      roles : [
                { role : "readAnyDatabase", db : "admin"  }
              ]
     }
)

show users:

> show users
{
    "_id" : "admin.rick",
    "user" : "rick",
    "db" : "admin",
    "roles" : [
        {
            "role" : "executeEval",
            "db" : "admin"
        },
        {
            "role" : "root",
            "db" : "admin"
        },
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
}
{
    "_id" : "admin.readonly",
    "user" : "readonly",
    "db" : "admin",
    "roles" : [
        {
            "role" : "readAnyDatabase",
            "db" : "admin"
        }
    ]
}

check if a specific user exists:

$ mongo -u rick -p mysooperdifficultpassword --authenticationDatabase admin --quiet --eval "db.system.users.find({user:'rick'}).count()" admin

show privileges associated to a role:

> use admin
> db.getRole( "readAnyDatabase", { showPrivileges: true } )
{
    "role" : "readAnyDatabase",
    "db" : "admin",
    "isBuiltin" : true,
    "roles" : [ ],
    "inheritedRoles" : [ ],
    "privileges" : [
        {
            "resource" : {
                "db" : "",
                "collection" : ""
            },
            "actions" : [
                "collStats",
                "dbHash",
                "dbStats",
                "find",
                "killCursors",
                "listCollections",
                "listIndexes",
                "planCacheRead"
            ]
        },
        {
            "resource" : {
                "cluster" : true
            },
            "actions" : [
                "listDatabases"
            ]
        },
        {
            "resource" : {
                "db" : "",
                "collection" : "system.indexes"
            },
            "actions" : [
                "collStats",
                "dbHash",
                "dbStats",
                "find",
                "killCursors",
                "listCollections",
                "listIndexes",
                "planCacheRead"
            ]
        },
        {
            "resource" : {
                "db" : "",
                "collection" : "system.js"
            },
            "actions" : [
                "collStats",
                "dbHash",
                "dbStats",
                "find",
                "killCursors",
                "listCollections",
                "listIndexes",
                "planCacheRead"
            ]
        },
        {
            "resource" : {
                "db" : "",
                "collection" : "system.namespaces"
            },
            "actions" : [
                "collStats",
                "dbHash",
                "dbStats",
                "find",
                "killCursors",
                "listCollections",
                "listIndexes",
                "planCacheRead"
            ]
        }
    ],
    "inheritedPrivileges" : [
        {
            "resource" : {
                "db" : "",
                "collection" : ""
            },
            "actions" : [
                "collStats",
                "dbHash",
                "dbStats",
                "find",
                "killCursors",
                "listCollections",
                "listIndexes",
                "planCacheRead"
            ]
        },
        {
            "resource" : {
                "cluster" : true
            },
            "actions" : [
                "listDatabases"
            ]
        },
        {
            "resource" : {
                "db" : "",
                "collection" : "system.indexes"
            },
            "actions" : [
                "collStats",
                "dbHash",
                "dbStats",
                "find",
                "killCursors",
                "listCollections",
                "listIndexes",
                "planCacheRead"
            ]
        },
        {
            "resource" : {
                "db" : "",
                "collection" : "system.js"
            },
            "actions" : [
                "collStats",
                "dbHash",
                "dbStats",
                "find",
                "killCursors",
                "listCollections",
                "listIndexes",
                "planCacheRead"
            ]
        },
        {
            "resource" : {
                "db" : "",
                "collection" : "system.namespaces"
            },
            "actions" : [
                "collStats",
                "dbHash",
                "dbStats",
                "find",
                "killCursors",
                "listCollections",
                "listIndexes",
                "planCacheRead"
            ]
        }
    ]
}

create a db:

> use c137
switched to db c137
> show dbs
admin  0.000GB
local  0.000GB
> db.users.save( {username:"morty"} )
WriteResult({ "nInserted" : 1 })
> db.users.find()
{ "_id" : ObjectId("58dbc20a41fd06955db4cb64"), "username" : "morty" }
> show dbs
admin     0.000GB
local     0.000GB
c137  0.000GB

drop a db:

> use c137
switched to db c137
> db.runCommand( { dropDatabase: 1 } )
{ "dropped" : "c137", "ok" : 1 }
> show dbs
admin  0.000GB
local  0.000GB

take a db dump:

$ mongodump -u rick -p mysooperdifficultpassword --authenticationDatabase admin

this will by default dump everything to a folder called ‘dump’ in your current directory

restore a db dump:

$ mongorestore -u rick -p mysooperdifficultpassword --authenticationDatabase /path/to/dump