`mongofiles`¶

On this page

Synopsis
Required Access
Options
Commands
Examples

macOS Sierra and Go 1.6 Incompatibility

Users running on macOS Sierra require the 3.2.10 or newer version of mongofiles.

mongofiles¶

Synopsis¶

The mongofiles utility makes it possible to manipulate files stored in your MongoDB instance in GridFS objects from the command line. It is particularly useful as it provides an interface between objects stored in your file system and GridFS.

All mongofiles commands have the following form:

copy

mongofiles <options> <commands> <filename>

The components of the mongofiles command are:

Options. You may use one or more of these options to control the behavior of mongofiles.
Commands. Use one of these commands to determine the action of mongofiles.
A filename which is either: the name of a file on your local’s file system, or a GridFS object.

Run mongofiles from the system command line, not the mongo shell.

Important

For replica sets, mongofiles can only read from the set’s primary.

Required Access¶

In order to connect to a mongod that enforces authorization with the --auth option, you must use the --username and --password options. The connecting user must possess, at a minimum:

the read role for the accessed database when using the list, search or get commands,
the readWrite role for the accessed database when using the put or delete commands.

Options¶

Changed in version 3.0.0: mongofiles removed the --dbpath as well as related --directoryperdb and --journal options. To use mongofiles, you must run mongofiles against a running mongod or mongos instance as appropriate.

--help¶: Returns information on the options and use of mongofiles.

--verbose, -v¶: Increases the amount of internal reporting returned on standard output or in log files. Increase the verbosity with the -v form by including the option multiple times, (e.g. -vvvvv.)

--quiet¶

Runs mongofiles in a quiet mode that attempts to limit the amount of output.

This option suppresses:

output from database commands
replication activity
connection accepted events
connection closed events

--version¶: Returns the mongofiles release number.

--uri <connectionString>¶

New in version 3.4.6.

Specify a resolvable URI connection string to connect to the MongoDB deployment.

copy

--uri "mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]"

For more information on the components of the connection string, see the Connection String URI Format documentation.

Important

The following command-line options cannot be used in conjunction with --uri option:

--host
--port
--db
--username
--password (if the URI connection string also includes the password)
--authenticationDatabase
--authenticationMechanism

Instead, specify these options as part of your --uri connection string.

--host <hostname><:port>¶

Specifies a resolvable hostname for the mongod that holds your GridFS system. By default mongofiles attempts to connect to a MongoDB process running on the localhost port number 27017.

Optionally, specify a port number to connect a MongoDB instance running on a port other than 27017.

Note

You cannot specify both --host and --uri.

--port <port>¶

Default: 27017

Specifies the TCP port on which the MongoDB instance listens for client connections.

Note

You cannot specify both --port and --uri.

--ipv6¶

Removed in version 3.0.

Enables IPv6 support and allows mongofiles to connect to the MongoDB instance using an IPv6 network. Prior to MongoDB 3.0, you had to specify --ipv6 to use IPv6. In MongoDB 3.0 and later, IPv6 is always enabled.

--ssl¶

New in version 2.6.

Enables connection to a mongod or mongos that has TLS/SSL support enabled.

For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .

--sslCAFile <filename>¶

New in version 2.6.

Specifies the .pem file that contains the root certificate chain from the Certificate Authority. Specify the file name of the .pem file using relative or absolute paths.

Starting in version 3.4, if --sslCAFile or ssl.CAFile is not specified and you are not using x.509 authentication, the system-wide CA certificate store will be used when connecting to an TLS/SSL-enabled server.

If using x.509 authentication, --sslCAFile or ssl.CAFile must be specified.

Warning

Version 3.2 and earlier: For TLS/SSL connections (--ssl) to mongod and mongos, if the mongofiles runs without the --sslCAFile, mongofiles will not attempt to validate the server certificates. This creates a vulnerability to expired mongod and mongos certificates as well as to foreign processes posing as valid mongod or mongos instances. Ensure that you always specify the CA file to validate the server certificates in cases where intrusion is a possibility.

For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .

--sslPEMKeyFile <filename>¶

New in version 2.6.

Specifies the .pem file that contains both the TLS/SSL certificate and key. Specify the file name of the .pem file using relative or absolute paths.

This option is required when using the --ssl option to connect to a mongod or mongos that has CAFile enabled without allowConnectionsWithoutCertificates.

For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .

--sslPEMKeyPassword <value>¶

New in version 2.6.

Specifies the password to de-crypt the certificate-key file (i.e. --sslPEMKeyFile). Use the --sslPEMKeyPassword option only if the certificate-key file is encrypted. In all cases, the mongofiles will redact the password from all logging and reporting output.

If the private key in the PEM file is encrypted and you do not specify the --sslPEMKeyPassword option, the mongofiles will prompt for a passphrase. See TLS/SSL Certificate Passphrase.

For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .

--sslCRLFile <filename>¶

New in version 2.6.

Specifies the .pem file that contains the Certificate Revocation List. Specify the file name of the .pem file using relative or absolute paths.

For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .

--sslAllowInvalidCertificates¶

New in version 2.6.

Bypasses the validation checks for server certificates and allows the use of invalid certificates. When using the allowInvalidCertificates setting, MongoDB logs as a warning the use of the invalid certificate.

Starting in MongoDB 3.4.16, if you specify --sslAllowInvalidCertificates or ssl.allowInvalidCertificates: true when using x.509 authentication, an invalid certificate is only sufficient to establish a TLS/SSL connection but is insufficient for authentication.

Warning

For TLS/SSL connections to mongod and mongos, avoid using --sslAllowInvalidCertificates if possible and only use --sslAllowInvalidCertificates on systems where intrusion is not possible.

If the mongo shell (and other MongoDB Tools) runs with the --sslAllowInvalidCertificates option, the mongo shell (and other MongoDB Tools) will not attempt to validate the server certificates. This creates a vulnerability to expired mongod and mongos certificates as well as to foreign processes posing as valid mongod or mongos instances.

For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .

--sslAllowInvalidHostnames¶

New in version 3.0.

Disables the validation of the hostnames in TLS/SSL certificates. Allows mongofiles to connect to MongoDB instances even if the hostname in their certificates do not match the specified hostname.

For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .

--sslFIPSMode¶: New in version 2.6.

Directs the mongofiles to use the FIPS mode of the installed OpenSSL library. Your system must have a FIPS compliant OpenSSL library to use the --sslFIPSMode option.

Note

FIPS-compatible TLS/SSL is available only in MongoDB Enterprise. See Configure MongoDB for FIPS for more information.

--username <username>, -u <username>¶: Specifies a username with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the --password and --authenticationDatabase options.

Note

You cannot specify both --username and --uri.

--password <password>, -p <password>¶: Specifies a password with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the --username and --authenticationDatabase options.

Changed in version 3.0.2: To prompt the user for the password, pass the --username option without --password or specify an empty string as the --password value, as in --password "" .

Note

You cannot specify both --password and --uri.

--authenticationDatabase <dbname>¶: Specifies the authentication database where the specified --username has been created. See Authentication Database.

Note

You cannot specify both --authenticationDatabase and --uri.

--authenticationMechanism <name>¶

Default: SCRAM-SHA-1

Changed in version 2.6: Added support for the PLAIN and MONGODB-X509 authentication mechanisms.

Changed in version 3.0: Added support for the SCRAM-SHA-1 authentication mechanism. Changed default mechanism to SCRAM-SHA-1.

Specifies the authentication mechanism the mongofiles instance uses to authenticate to the mongod or mongos.

Value	Description
SCRAM-SHA-1	RFC 5802 standard Salted Challenge Response Authentication Mechanism using the SHA1 hash function.
MONGODB-CR	MongoDB challenge/response authentication.
MONGODB-X509	MongoDB TLS/SSL certificate authentication.
GSSAPI (Kerberos)	External authentication using Kerberos. This mechanism is available only in MongoDB Enterprise.
PLAIN (LDAP SASL)	External authentication using LDAP. You can also use `PLAIN` for authenticating in-database users. `PLAIN` transmits passwords in plain text. This mechanism is available only in MongoDB Enterprise.

Note

You cannot specify both --authenticationMechanism and --uri.

--gssapiServiceName¶

New in version 2.6.

Specify the name of the service using GSSAPI/Kerberos. Only required if the service does not use the default name of mongodb.

This option is available only in MongoDB Enterprise.

--gssapiHostName¶

New in version 2.6.

Specify the hostname of a service using GSSAPI/Kerberos. Only required if the hostname of a machine does not match the hostname resolved by DNS.

This option is available only in MongoDB Enterprise.

--db <database>, -d <database>¶: Specifies the name of the database on which to run the mongofiles.

Note

You cannot specify both --db and --uri.

--local <filename>, -l <filename>¶

Specifies the local filesystem name of a file for get and put operations.

In the mongofiles put and mongofiles get commands, the required <filename> modifier refers to the name the object will have in GridFS. mongofiles assumes that this reflects the file’s name on the local file system. This setting overrides this default.

--type <MIME>¶

Provides the ability to specify a MIME type to describe the file inserted into GridFS storage. mongofiles omits this option in the default operation.

Use only with mongofiles put operations.

--replace, -r¶

Alters the behavior of mongofiles put to replace existing GridFS objects with the specified local file, rather than adding an additional object with the same name.

In the default operation, files will not be overwritten by a mongofiles put option.

--prefix string¶

Default: fs

GridFS prefix to use.

--writeConcern <document>¶

Default: majority

Specifies the write concern for each write operation that mongofiles performs.

Specify the write concern as a document with w options. For example:

copy

--writeConcern "{w:'majority'}"

Commands¶

list <prefix>: Lists the files in the GridFS store. The characters specified after list (e.g. <prefix>) optionally limit the list of returned items to files that begin with that string of characters.

search <string>: Lists the files in the GridFS store with names that match any portion of <string>.

put <filename>

Copy the specified file from the local file system into GridFS storage.

Here, <filename> refers to the name the object will have in GridFS, and mongofiles assumes that this reflects the name the file has on the local file system. If the local filename is different use the mongofiles --local option.

get <filename>

Copy the specified file from GridFS storage to the local file system.

Here, <filename> refers to the name the object will have in GridFS. mongofiles writes the file to the local file system using the file’s filename in GridFS. To choose a different location for the file on the local file system, use the --local option.

get_id "<ObjectId>"

New in version 3.2.0.

Copy the specified file from GridFS storage to the local file system.

Here <ObjectId> refers to the extended JSON _id of the object in GridFS. mongofiles writes the file to the local file system using the file’s filename in GridFS. To choose a different location for the file on the local file system, use the --local option.

delete <filename>: Delete the specified file from GridFS storage.

delete_id "<ObjectId>": New in version 3.2.0.

Delete the specified file from GridFS storage. Specify the file using its _id.

Examples¶

To return a list of all files in a GridFS collection in the records database, use the following invocation at the system shell:

copy

mongofiles -d records list

This mongofiles instance will connect to the mongod instance running on the 27017 localhost interface to specify the same operation on a different port or hostname, and issue a command that resembles one of the following:

copy

mongofiles --port 37017 -d records list
mongofiles --host db1.example.net -d records list
mongofiles --host db1.example.net --port 37017 -d records list

Modify any of the following commands as needed if you’re connecting the mongod instances on different ports or hosts.

To upload a file named 32-corinth.lp to the GridFS collection in the records database, you can use the following command:

copy

mongofiles -d records put 32-corinth.lp

To delete the 32-corinth.lp file from this GridFS collection in the records database, you can use the following command:

copy

mongofiles -d records delete 32-corinth.lp

To search for files in the GridFS collection in the records database that have the string corinth in their names, you can use following command:

copy

mongofiles -d records search corinth

To list all files in the GridFS collection in the records database that begin with the string 32, you can use the following command:

copy

mongofiles -d records list 32

To fetch the file from the GridFS collection in the records database named 32-corinth.lp, you can use the following command:

copy

mongofiles -d records get 32-corinth.lp

To fetch the file from the GridFS collection in the records database with _id: ObjectId("56feac751f417d0357e7140f"), you can use the following command:

copy

mongofiles -d records get_id 'ObjectId("56feac751f417d0357e7140f")'

You must include quotation marks around the _id.

← mongoldap Configuration File Options →

mongofiles¶

Synopsis¶

Required Access¶

Options¶

Commands¶

Examples¶

`mongofiles`¶