mongofiles

macOS Sierra and Go 1.6 Incompatibility

Users running on macOS Sierra require the 3.2.10 or newer version of mongofiles.

mongofiles

Synopsis

The mongofiles utility makes it possible to manipulate files stored in your MongoDB instance in GridFS objects from the command line. It is particularly useful as it provides an interface between objects stored in your file system and GridFS.

All mongofiles commands have the following form:

mongofiles <options> <commands> <filename>

The components of the mongofiles command are:

  1. Options. You may use one or more of these options to control the behavior of mongofiles.
  2. Commands. Use one of these commands to determine the action of mongofiles.
  3. A filename which is either: the name of a file on your local’s file system, or a GridFS object.

Run mongofiles from the system command line, not the mongo shell.

Important

For replica sets, mongofiles can only read from the set’s primary.

Required Access

In order to connect to a mongod that enforces authorization with the --auth option, you must use the --username and --password options. The connecting user must possess, at a minimum:

  • the read role for the accessed database when using the list, search or get commands,
  • the readWrite role for the accessed database when using the put or delete commands.

Options

Changed in version 3.0.0: mongofiles removed the --dbpath as well as related --directoryperdb and --journal options. To use mongofiles, you must run mongofiles against a running mongod or mongos instance as appropriate.

--help

Returns information on the options and use of mongofiles.

--verbose , -v

Increases the amount of internal reporting returned on standard output or in log files. Increase the verbosity with the -v form by including the option multiple times, (e.g. -vvvvv.)

--quiet

Runs mongofiles in a quiet mode that attempts to limit the amount of output.

This option suppresses:

  • output from database commands
  • replication activity
  • connection accepted events
  • connection closed events
--version

Returns the mongofiles release number.

--uri <connectionString>

New in version 3.4.6.

Specify a resolvable URI connection string to connect to the MongoDB deployment.

--uri "mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]"

For more information on the components of the connection string, see the Connection String URI Format documentation.

Important

The following command-line options cannot be used in conjunction with --uri option:

Instead, specify these options as part of your --uri connection string.

--host <hostname><:port>

Specifies a resolvable hostname for the mongod that holds your GridFS system. By default mongofiles attempts to connect to a MongoDB process running on the localhost port number 27017.

Optionally, specify a port number to connect a MongoDB instance running on a port other than 27017.

Note

You cannot specify both --host and --uri.

--port <port>

Default: 27017

Specifies the TCP port on which the MongoDB instance listens for client connections.

Note

You cannot specify both --port and --uri.

--ipv6

Removed in version 3.0.

Enables IPv6 support and allows mongofiles to connect to the MongoDB instance using an IPv6 network. Prior to MongoDB 3.0, you had to specify --ipv6 to use IPv6. In MongoDB 3.0 and later, IPv6 is always enabled.

--ssl

New in version 2.6.

Enables connection to a mongod or mongos that has TLS/SSL support enabled.

For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .

--sslCAFile <filename>

New in version 2.6.

Specifies the .pem file that contains the root certificate chain from the Certificate Authority. Specify the file name of the .pem file using relative or absolute paths.

Starting in version 3.4, if --sslCAFile or ssl.CAFile is not specified and you are not using x.509 authentication, the system-wide CA certificate store will be used when connecting to an TLS/SSL-enabled server.

If using x.509 authentication, --sslCAFile or ssl.CAFile must be specified.

Warning

Version 3.2 and earlier: For TLS/SSL connections (--ssl) to mongod and mongos, if the mongofiles runs without the --sslCAFile, mongofiles will not attempt to validate the server certificates. This creates a vulnerability to expired mongod and mongos certificates as well as to foreign processes posing as valid mongod or mongos instances. Ensure that you always specify the CA file to validate the server certificates in cases where intrusion is a possibility.

For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .

--sslPEMKeyFile <filename>

New in version 2.6.

Specifies the .pem file that contains both the TLS/SSL certificate and key. Specify the file name of the .pem file using relative or absolute paths.

This option is required when using the --ssl option to connect to a mongod or mongos that has CAFile enabled without allowConnectionsWithoutCertificates.

For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .

--sslPEMKeyPassword <value>

New in version 2.6.

Specifies the password to de-crypt the certificate-key file (i.e. --sslPEMKeyFile). Use the --sslPEMKeyPassword option only if the certificate-key file is encrypted. In all cases, the mongofiles will redact the password from all logging and reporting output.

If the private key in the PEM file is encrypted and you do not specify the --sslPEMKeyPassword option, the mongofiles will prompt for a passphrase. See TLS/SSL Certificate Passphrase.

For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .

--sslCRLFile <filename>

New in version 2.6.

Specifies the .pem file that contains the Certificate Revocation List. Specify the file name of the .pem file using relative or absolute paths.

For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .

--sslAllowInvalidCertificates

New in version 2.6.

Bypasses the validation checks for server certificates and allows the use of invalid certificates. When using the allowInvalidCertificates setting, MongoDB logs as a warning the use of the invalid certificate.

Starting in MongoDB 3.6.6, if you specify --sslAllowInvalidCertificates or ssl.allowInvalidCertificates: true when using x.509 authentication, an invalid certificate is only sufficient to establish a TLS/SSL connection but is insufficient for authentication.

Warning

For TLS/SSL connections to mongod and mongos, avoid using --sslAllowInvalidCertificates if possible and only use --sslAllowInvalidCertificates on systems where intrusion is not possible.

If the mongo shell (and other MongoDB Tools) runs with the