mongofiles

macOS Sierra and Go 1.6 Incompatibility

Users running on macOS Sierra require the 3.2.10 or newer versionof mongofiles.

  • mongofiles

Synopsis

The mongofiles utility makes it possible to manipulate filesstored in your MongoDB instance in GridFS objects from thecommand line. It is particularly useful as it provides an interfacebetween objects stored in your file system and GridFS.

All mongofiles commands have the following form:

  1. mongofiles <options> <commands> <filename>

The components of the mongofiles command are:

  • Options. You may use one or more ofthese options to control the behavior of mongofiles.
  • Commands. Use one of these commands todetermine the action of mongofiles.
  • A filename which is either: the name of a file on your local’s filesystem, or a GridFS object.Run mongofiles from the system command line, not the mongo shell.

Important

For replica sets,mongofiles can only read from the set’sprimary.

Availability

The mongofiles tool is part of the MongoDB tools package. Consult theinstallation guide for your platform forinstructions on how to install the tools package as part of yourMongoDB installation.

The tools package is also available from theMongoDB Download Center,either as a separate tools download, or contained within theTGZ or ZIP downloads, depending on platform. On Windows, the MSI installer includes all tools as part of the default installation.

Tip

If downloading the TGZ or ZIP files from the DownloadCenter, you may want to update your PATH environmentvariable to include the directory where you installed these tools.See the installation guidefor your platform for more information.

Required Access

In order to connect to a mongod that enforces authorizationwith the —auth option, you must use the—username and —password options. The connecting user must possess, at aminimum:

  • the read role for the accessed database when using thelist, search or get commands,
  • the readWrite role for the accessed database when usingthe put or delete commands.

Behavior

FIPS

Starting in version 4.2, MongoDB removes the —sslFIPSModeoption for mongofiles. mongofileswill use FIPS compliant connections tomongod/mongos if themongod/mongos instances areconfigured to use FIPS mode.

Read Preference

By default, mongofiles uses read preferenceprimary. To override the default, you can specify theread preference in the—readPreference command lineoption or in the —uri connection string.

Starting in version 4.2, if you specify read preference in the URIstring and the —readPreference, the —readPreference value overrides the read preference specified in theURI string.

In earlier versions, the two options are incompatible.

Write Concern

Starting in version 4.2, you can specify both the—writeConcern and the—uri connection string option. If writeconcern is specified using both options, the—writeConcern value overridesthe write concern specified in the URI string.

In earlier versions, the two options are incompatible.

Options

Changed in version 3.0.0: mongofiles removed the —dbpath as well as related—directoryperdb and —journal options. To usemongofiles, you must run mongofiles against a runningmongod or mongos instance as appropriate.

  • —help
  • Returns information on the options and use of mongofiles.
  • —verbose, -v
  • Increases the amount of internal reporting returned on standard outputor in log files. Increase the verbosity with the -v form byincluding the option multiple times, (e.g. -vvvvv.)
  • —quiet
  • Runs mongofiles in a quiet mode that attempts to limit the amountof output.

This option suppresses:

  • output from database commands
  • replication activity
  • connection accepted events
  • connection closed events
  • —version
  • Returns the mongofiles release number.
  • —uri=<connectionString>

New in version 3.4.6.

Specify a resolvable URIconnection string (enclose in quotes) to connect to the MongoDB deployment.

  1. --uri="mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]"

For information on the components of the connection string, seethe Connection String URI Format documentation.

Note

For TLS/SSL options, use the command-line options instead of theURI options for TLS/SSL (Available starting in4.2).

Important

The following command-line options cannot be used in conjunctionwith —uri option:

  • —host=<hostname><:port>
  • Specifies a resolvable hostname for the mongod that holdsyour GridFS system. By default mongofiles attempts to connectto a MongoDB process running on the localhost port number 27017.

Optionally, specify a port number to connect a MongoDB instance runningon a port other than 27017.

Note

You cannot specify both —host and —uri.

  • —port=<port>
  • Default: 27017

Specifies the TCP port on which the MongoDB instance listens forclient connections.

Note

You cannot specify both —port and —uri.

  • —ipv6
  • Removed in version 3.0.

Enables IPv6 support and allows mongofiles to connect to theMongoDB instance using an IPv6 network. Prior to MongoDB 3.0, youhad to specify —ipv6 to use IPv6. In MongoDB 3.0 and later, IPv6is always enabled.

  • —ssl

New in version 2.6.

Enables connection to a mongod or mongos that hasTLS/SSL support enabled.

For more information about TLS/SSL and MongoDB, seeConfigure mongod and mongos for TLS/SSL andTLS/SSL Configuration for Clients .

  • —sslCAFile=<filename>

New in version 2.6.

Specifies the .pem file that contains the root certificate chainfrom the Certificate Authority. Specify the file name of the.pem file using relative or absolute paths.

Starting in version 3.4, if —tlsCAFile/net.tls.CAFile (ortheir aliases —sslCAFile/net.ssl.CAFile) is not specifiedand you are not using x.509 authentication, the system-wide CAcertificate store will be used when connecting to an TLS/SSL-enabledserver.

To use x.509 authentication, —tlsCAFile or net.tls.CAFilemust be specified unless using —tlsCertificateSelector or—net.tls.certificateSelector. Or if using the ssl aliases,—sslCAFile or net.ssl.CAFile must be specified unless using—sslCertificateSelector or net.ssl.certificateSelector.

Warning

Version 3.2 and earlier: For TLS/SSL connections (—ssl) tomongod and mongos, if the mongofiles runs without the—sslCAFile, mongofiles will not attemptto validate the server certificates. This creates a vulnerabilityto expired mongod and mongos certificates aswell as to foreign processes posing as valid mongod ormongos instances. Ensure that you always specify theCA file to validate the server certificates in cases whereintrusion is a possibility.

For more information about TLS/SSL and MongoDB, seeConfigure mongod and mongos for TLS/SSL andTLS/SSL Configuration for Clients .

  • —sslPEMKeyFile=<filename>

New in version 2.6.

Specifies the .pem file that contains both the TLS/SSL certificateand key. Specify the file name of the .pem file using relativeor absolute paths.

This option is required when using the —ssl option to connectto a mongod or mongos that hasCAFile enabled withoutallowConnectionsWithoutCertificates.

For more information about TLS/SSL and MongoDB, seeConfigure mongod and mongos for TLS/SSL andTLS/SSL Configuration for Clients .

  • —sslPEMKeyPassword=<value>

New in version 2.6.

Specifies the password to de-crypt the certificate-key file (i.e.—sslPEMKeyFile). Use the —sslPEMKeyPassword option only if thecertificate-key file is encrypted. In all cases, the mongofiles willredact the password from all logging and reporting output.

If the private key in the PEM file is encrypted and you do not specifythe —sslPEMKeyPassword option, the mongofiles will prompt for a passphrase. SeeTLS/SSL Certificate Passphrase.

For more information about TLS/SSL and MongoDB, seeConfigure mongod and mongos for TLS/SSL andTLS/SSL Configuration for Clients .

  • —sslCRLFile=<filename>

New in version 2.6.

Specifies the .pem file that contains the Certificate RevocationList. Specify the file name of the .pem file using relative orabsolute paths.

For more information about TLS/SSL and MongoDB, seeConfigure mongod and mongos for TLS/SSL andTLS/SSL Configuration for Clients .

  • —sslAllowInvalidCertificates

New in version 2.6.

Bypasses the validation checks for server certificates and allowsthe use of invalid certificates. When using theallowInvalidCertificates setting, MongoDB logs as awarning the use of the invalid certificate.

Starting in MongoDB 4.0, if you specify—sslAllowInvalidCertificates ornet.ssl.allowInvalidCertificates: true (or in MongoDB 4.2, thealias —tlsAllowInvalidateCertificates ornet.tls.allowInvalidCertificates: true) when using x.509authentication, an invalid certificate is only sufficient toestablish a TLS/SSL connection but is insufficient forauthentication.

Warning

Although available, avoid using the—sslAllowInvalidCertificates option if possible. If the use of—sslAllowInvalidCertificates is necessary, only use the optionon systems where intrusion is not possible.

If the mongo shell (and otherMongoDB Tools) runs with the—sslAllowInvalidCertificates option, themongo shell (and otherMongoDB Tools) will not attempt to validatethe server certificates. This creates a vulnerability to expiredmongod and mongos certificates aswell as to foreign processes posing as validmongod or mongos instances. If youonly need to disable the validation of the hostname in theTLS/SSL certificates, see —sslAllowInvalidHostnames.

For more information about TLS/SSL and MongoDB, seeConfigure mongod and mongos for TLS/SSL andTLS/SSL Configuration for Clients .

  • —sslAllowInvalidHostnames

New in version 3.0.

Disables the validation of the hostnames in TLS/SSL certificates. Allowsmongofiles to connect to MongoDB instances even if the hostname in theircertificates do not match the specified hostname.

For more information about TLS/SSL and MongoDB, seeConfigure mongod and mongos for TLS/SSL andTLS/SSL Configuration for Clients .

  • —username=<username>, -u=<username>
  • Specifies a username with which to authenticate to a MongoDB databasethat uses authentication. Use in conjunction with the —password and—authenticationDatabase options.

Note

You cannot specify both —username and —uri.

  • —password=<password>, -p=<password>
  • Specifies a password with which to authenticate to a MongoDB databasethat uses authentication. Use in conjunction with the —username and—authenticationDatabase options.

Changed in version 3.0.2: To prompt the userfor the password, pass the —username option without—password or specify an empty string as the —password value,as in —password "" .

Note

You cannot specify both —password and —uri.

Note

You cannot specify both —authenticationDatabase and —uri.

  • —authenticationMechanism=<name>
  • Default: SCRAM-SHA-1

Specifies the authentication mechanism the mongofiles instance uses toauthenticate to the mongod or mongos.

Changed in version 4.0: MongoDB removes support for the deprecated MongoDBChallenge-Response (MONGODB-CR) authentication mechanism.

MongoDB adds support for SCRAM mechanism using the SHA-256 hashfunction (SCRAM-SHA-256).

ValueDescriptionSCRAM-SHA-1RFC 5802 standardSalted Challenge Response Authentication Mechanism using the SHA-1hash function.SCRAM-SHA-256RFC 7677 standardSalted Challenge Response Authentication Mechanism using the SHA-256hash function.

Requires featureCompatibilityVersion set to 4.0.

New in version 4.0.

MONGODB-X509MongoDB TLS/SSL certificate authentication.GSSAPI (Kerberos)External authentication using Kerberos. This mechanism isavailable only in MongoDB Enterprise.PLAIN (LDAP SASL)External authentication using LDAP. You can also use PLAINfor authenticating in-database users. PLAIN transmitspasswords in plain text. This mechanism is available only inMongoDB Enterprise.

Note

You cannot specify both —authenticationMechanism and —uri.

  • —gssapiServiceName=<serviceName>

New in version 2.6.

Specify the name of the service using GSSAPI/Kerberos. Only required if the service does not use thedefault name of mongodb.

This option is available only in MongoDB Enterprise.

  • —gssapiHostName=<hostname>

New in version 2.6.

Specify the hostname of a service using GSSAPI/Kerberos. Only required if the hostname of a machine doesnot match the hostname resolved by DNS.

This option is available only in MongoDB Enterprise.

  • —db=<database>, -d=<database>
  • Specifies the name of the database on which to run the mongofiles.

Note

You cannot specify both —db and —uri.

  • —local=<filename>, -l=<filename>
  • Specifies the local filesystem name of a file for get and putoperations.

In the mongofiles put and mongofiles get commands,the required <filename> modifier refers to the name the object willhave in GridFS. mongofiles assumes that this reflects thefile’s name on the local file system. This setting overrides thisdefault.

  • —type=<MIME>
  • Provides the ability to specify a MIME type to describe the fileinserted into GridFS storage. mongofiles omits this option inthe default operation.

Use only with mongofiles put operations.

  • —replace, -r
  • Alters the behavior of mongofiles put to replace existingGridFS objects with the specified local file, rather than adding anadditional object with the same name.

In the default operation, files will not be overwritten by amongofiles put option.

  • —prefix=<string>
  • Default: fs

GridFS prefix to use.

  • —writeConcern=<document>
  • Default: majority

Specifies the write concern for each write operation that mongofilesperforms.

Specify the write concern as a document with w options:

  1. --writeConcern="{w:'majority'}"

If the write concern is also included in the —uriconnection string, the command-line—writeConcern overrides the write concern specified inthe URI string.

  • —readPreference=<string|document>
  • Default: primary

Specifies the read preference formongofiles. The —readPreference option can take:

  • A string if specifying only the read preference mode:
  1. --readPreference=secondary
  1. --readPreference='{mode: "secondary", tagSets: [ { "region": "east" } ], maxStalenessSeconds: 120}'

If specifying the maxStalenessSeconds, the value must be greater than or equal to 90.

New in version 4.2.

mongofiles defaults to primaryread preference.

Starting in version 4.2, if the readpreference is also included in the —uri connection string, the command-line —readPreference overrides the read preferencespecified in the URI string.

Warning

Using a read preference other thanprimary with a connection to a mongos may produceinconsistencies, duplicates, or result in missed documents.

Commands

  • list <prefix>
  • Lists the files in the GridFS store. The characters specified afterlist (e.g. <prefix>) optionally limit the list ofreturned items to files that begin with that string of characters.
  • search <string>
  • Lists the files in the GridFS store with names that match anyportion of <string>.
  • put <filename>
  • Copy the specified file from the local file system into GridFSstorage.

Here, <filename> refers to the name the object will have inGridFS, and mongofiles assumes that this reflects the name thefile has on the local file system. If the local filename isdifferent use the mongofiles —local option.

  • get <filename>
  • Copy the specified file from GridFS storage to the local filesystem.

Here, <filename> refers to the name the object will have inGridFS. mongofiles writes the file to the localfile system using the file’s filename in GridFS. To choose adifferent location for the file on the local file system, use the—local option.

  • get_id "<_id>"

New in version 3.2.0.

Copy the file, specified by its <_id>, from GridFS storage to thelocal file system.

Here <_id> refers to the extended JSON _id of theobject in GridFS:

  • Starting in MongoDB 4.2, get_id can accept either ObjectIdvalues or non-ObjectId values for <_id>.
  • In MongoDB 4.0 and earlier, get_id onlyaccepts <ObjectId> values.mongofiles writes the file to the localfile system using the file’s filename in GridFS. To choose adifferent location for the file on the local file system, use the—local option.
  • delete <filename>
  • Delete the specified file from GridFS storage.
  • delete_id "<_id>"

New in version 3.2.0.

Delete the file, specified by its <_id>, from GridFS storage:

  • Starting in MongoDB 4.2, delete_id can accepteither ObjectId values or non-ObjectId values for <_id>.
  • In MongoDB 4.0 and earlier, delete_id onlyaccepts <ObjectId> values.

Examples

To return a list of all files in a GridFS collection in therecords database, use the following invocation at the system shell:

  1. mongofiles -d=records list

This mongofiles instance will connect to themongod instance running on the 27017 localhostinterface to specify the same operation on a different port orhostname, and issue a command that resembles one of the following:

  1. mongofiles --port=37017 -d=records list
  2. mongofiles --host=db1.example.net -d=records list
  3. mongofiles --host=db1.example.net --port=37017 -d=records list

Modify any of the following commands as needed if you’re connectingthe mongod instances on different ports or hosts.

To upload a file named 32-corinth.lp to the GridFS collection inthe records database, you can use the following command:

  1. mongofiles -d=records put 32-corinth.lp

To delete the 32-corinth.lp file from this GridFS collection inthe records database, you can use the following command:

  1. mongofiles -d=records delete 32-corinth.lp

To search for files in the GridFS collection in the recordsdatabase that have the string corinth in their names, you can usefollowing command:

  1. mongofiles -d=records search corinth

To list all files in the GridFS collection in the records databasethat begin with the string 32, you can use the following command:

  1. mongofiles -d=records list 32

To fetch the file from the GridFS collection in the recordsdatabase named 32-corinth.lp, you can use the following command:

  1. mongofiles -d=records get 32-corinth.lp

To fetch the file from the GridFS collection in the records databasewith _id: ObjectId("56feac751f417d0357e7140f"), you can usethe following command:

  1. mongofiles -d=records get_id 'ObjectId("56feac751f417d0357e7140f")'

You must include quotation marks around the _id.