Docs HomeMongoDB Manual

Localhost ExceptionLocalhost异常

On this page本页内容

Important

On a mongod instance, the localhost exception only applies when there are no users or roles created in the MongoDB instance.mongod实例上,localhost异常仅适用于MongoDB实例中没有创建用户或角色的情况。

The localhost exception allows you to enable access control and then create the first user or role in the system. After you enable access control, connect to the localhost interface and create the first user in the admin database.localhost异常允许您启用访问控制,然后在系统中创建第一个用户或角色。启用访问控制后,连接到localhost接口并在admin数据库中创建第一个用户。

If you create a user first, the user must have privileges to create other users. 如果您首先创建用户,则该用户必须具有创建其他用户的权限。The userAdmin or userAdminAnyDatabase role both confer the privilege to create other users.userAdminuserAdminAnyDatabase角色都授予创建其他用户的权限。

Warning

Connections using the localhost exception have access to create only the first user or role.使用localhost异常的连接只能创建第一个用户或角色。

Once you create any user or role, the localhost exception is disabled. 一旦创建了任何用户或角色,就会禁用localhost异常。If you need to create a user and a role, you must create the user first using one of the builtin userAdmin or userAdminAnyDatabase roles. If you create a role first, you won't be able to create a user.如果需要创建用户和角色,则必须首先使用内置的userAdminuserAdminAnyDatabase角色之一创建用户。如果先创建角色,则无法创建用户。

The ability to create a role first with the db.createRole() method is specifically for users authorizing with LDAP. 使用db.createRole()方法首先创建角色的功能专门用于使用LDAP进行授权的用户。See LDAP Authorization for more information.有关详细信息,请参阅LDAP授权

Localhost Exception for Sharded Clusters共享群集的Localhost异常

Important
  • On a mongos, the localhost exception only applies when there are no sharded cluster users or roles created.mongos上,localhost异常仅适用于没有创建分片集群用户或角色的情况。
  • In a sharded cluster, the localhost exception applies to each shard individually as well as to the cluster as a whole.在分片集群中,localhost异常分别适用于每个分片,也适用于整个集群。

Once you create a sharded cluster and add a user administrator through the mongos instance, you must still prevent unauthorized access to the individual shards. To prevent unauthorized access to individual shards, follow one of the following steps for each shard in your cluster:一旦您创建了一个分片集群并通过mongos实例添加了一个用户管理员,您仍然必须防止对单个分片的未经授权的访问。为了防止未经授权访问单个分片,请对集群中的每个分片执行以下步骤之一: