- Reference >
- MongoDB Package Components >
mongofiles
mongofiles
¶
On this page
-
mongofiles
¶
macOS Sierra and Go 1.6 Incompatibility
Users running on macOS Sierra require the 3.2.10 or newer version
of mongofiles
.
Upcoming Tools Migration in MongoDB 4.4
Starting in MongoDB 4.4, the mongofiles
documentation
migrates to MongoDB Database Tools - mongofiles. Refer to
that page for more information on the upcoming version of
mongofiles
(tool version 100.0.0).
The documentation on this page only applies to the MongoDB 4.2
version of mongofiles
. The MongoDB 4.2 version of
mongofiles
is available for download following the instructions
in the Availability section below.
Synopsis¶
The mongofiles
utility makes it possible to manipulate files
stored in your MongoDB instance in GridFS objects from the
command line. It is particularly useful as it provides an interface
between objects stored in your file system and GridFS.
All mongofiles
commands have the following form:
The components of the mongofiles
command are:
- Options. You may use one or more of
these options to control the behavior of
mongofiles
. - Commands. Use one of these commands to
determine the action of
mongofiles
. - A filename which is either: the name of a file on your local’s file system, or a GridFS object.
Run mongofiles
from the system command line, not the mongo
shell.
Important
For replica sets,
mongofiles
can only read from the set’s
primary.
Availability¶
The mongofiles
tool is part of the MongoDB tools package. Consult the
installation guide for your platform for
instructions on how to install the tools package as part of your
MongoDB installation.
The tools package is also available from the
MongoDB Download Center,
either as a separate tools
download, or contained within the
TGZ
or ZIP
downloads, depending on platform. On Windows, the MSI
installer includes all tools as part of the default installation.
Tip
If downloading the TGZ
or ZIP
files from the Download
Center, you may want to update your PATH
environment
variable to include the directory where you installed these tools.
See the installation guide
for your platform for more information.
Required Access¶
In order to connect to a mongod
that enforces authorization
with the --auth
option, you must use the
--username
and --password
options. The connecting user must possess, at a
minimum:
Behavior¶
FIPS¶
Starting in version 4.2, MongoDB removes the --sslFIPSMode
option for mongofiles
. mongofiles
will use FIPS compliant connections to
mongod
/mongos
if the
mongod
/mongos
instances are
configured to use FIPS mode.
Read Preference¶
By default, mongofiles
uses read preference
primary
. To override the default, you can specify the
read preference in the
--readPreference
command line
option or in the --uri connection string
.
Starting in version 4.2, if you specify read preference in the URI
string and the --readPreference
, the --readPreference
value overrides the read preference specified in the
URI string.
In earlier versions, the two options are incompatible.
Write Concern¶
Starting in version 4.2, you can specify both the
--writeConcern
and the
--uri connection string
option. If write
concern is specified using both options, the
--writeConcern
value overrides
the write concern specified in the URI string.
In earlier versions, the two options are incompatible.
Options¶
-
--help
¶
Returns information on the options and use of mongofiles.
-
--verbose
,
-v
¶
Increases the amount of internal reporting returned on standard output or in log files. Increase the verbosity with the
-v
form by including the option multiple times, (e.g.-vvvvv
.)
-
--quiet
¶
Runs mongofiles in a quiet mode that attempts to limit the amount of output.
This option suppresses:
- output from database commands
- replication activity
- connection accepted events
- connection closed events
-
--version
¶
Returns the mongofiles release number.
-
--uri
=<connectionString>
¶ New in version 3.4.6.
Specify a resolvable URI connection string (enclose in quotes) to connect to the MongoDB deployment.
For information on the components of the connection string, see the Connection String URI Format documentation.
Note
For TLS/SSL options, use the command-line options instead of the URI options for TLS/SSL (Available starting in 4.2).
Important
The following command-line options cannot be used in conjunction with
--uri
option:--host
--port
--db
--username
--password
(if the URI connection string also includes the password)--authenticationDatabase
--authenticationMechanism
Instead, specify these options as part of your
--uri
connection string.
-
--host
=<hostname><:port>
¶ Specifies a resolvable hostname for the
mongod
that holds your GridFS system. By defaultmongofiles
attempts to connect to a MongoDB process running on the localhost port number27017
.Optionally, specify a port number to connect a MongoDB instance running on a port other than 27017.
-
--port
=<port>
¶ Default: 27017
Specifies the TCP port on which the MongoDB instance listens for client connections.
-
--ipv6
¶
Removed in version 3.0.
Enables IPv6 support and allows mongofiles to connect to the MongoDB instance using an IPv6 network. Prior to MongoDB 3.0, you had to specify
--ipv6
to use IPv6. In MongoDB 3.0 and later, IPv6 is always enabled.
-
--ssl
¶
Enables connection to a
mongod
ormongos
that has TLS/SSL support enabled.For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
-
--sslCAFile
=<filename>
¶ Specifies the
.pem
file that contains the root certificate chain from the Certificate Authority. Specify the file name of the.pem
file using relative or absolute paths.If
--tlsCAFile
/net.tls.CAFile
(or their aliases--sslCAFile
/net.ssl.CAFile
) is not specified and you are not using x.509 authentication, the system-wide CA certificate store will be used when connecting to an TLS/SSL-enabled server.To use x.509 authentication,
--tlsCAFile
ornet.tls.CAFile
must be specified unless using--tlsCertificateSelector
or--net.tls.certificateSelector
. Or if using thessl
aliases,--sslCAFile
ornet.ssl.CAFile
must be specified unless using--sslCertificateSelector
ornet.ssl.certificateSelector
.Warning
Version 3.2 and earlier: For TLS/SSL connections (
--ssl
) tomongod
andmongos
, if the mongofiles runs without the--sslCAFile
, mongofiles will not attempt to validate the server certificates. This creates a vulnerability to expiredmongod
andmongos
certificates as well as to foreign processes posing as validmongod
ormongos
instances. Ensure that you always specify the CA file to validate the server certificates in cases where intrusion is a possibility.For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
-
--sslPEMKeyFile
=<filename>
¶ Specifies the
.pem
file that contains both the TLS/SSL certificate and key. Specify the file name of the.pem
file using relative or absolute paths.This option is required when using the
--ssl
option to connect to amongod
ormongos
that hasCAFile
enabled withoutallowConnectionsWithoutCertificates
.For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
-
--sslPEMKeyPassword
=<value>
¶ Specifies the password to de-crypt the certificate-key file (i.e.
--sslPEMKeyFile
). Use the--sslPEMKeyPassword
option only if the certificate-key file is encrypted. In all cases, the mongofiles will redact the password from all logging and reporting output.If the private key in the PEM file is encrypted and you do not specify the
--sslPEMKeyPassword
option, the mongofiles will prompt for a passphrase. See TLS/SSL Certificate Passphrase.For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
-
--sslCRLFile
=<filename>
¶ Specifies the
.pem
file that contains the Certificate Revocation List. Specify the file name of the.pem
file using relative or absolute paths.For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
-
--sslAllowInvalidCertificates
¶
Bypasses the validation checks for server certificates and allows the use of invalid certificates. When using the
allowInvalidCertificates
setting, MongoDB logs as a warning the use of the invalid certificate.Starting in MongoDB 4.0, if you specify
--sslAllowInvalidCertificates
ornet.ssl.allowInvalidCertificates: true
(or in MongoDB 4.2, the alias--tlsAllowInvalidateCertificates
ornet.tls.allowInvalidCertificates: true
) when using x.509 authentication, an invalid certificate is only sufficient to establish a TLS/SSL connection but is insufficient for authentication.Warning
Although available, avoid using the
--sslAllowInvalidCertificates
option if possible. If the use of--sslAllowInvalidCertificates
is necessary, only use the option on systems where intrusion is not possible.If the
mongo
shell (and other MongoDB Tools) runs with the--sslAllowInvalidCertificates
option, themongo
shell (and other MongoDB Tools) will not attempt to validate the server certificates. This creates a vulnerability to expiredmongod
andmongos
certificates as well as to foreign processes posing as validmongod
ormongos
instances. If you only need to disable the validation of the hostname in the TLS/SSL certificates, see--sslAllowInvalidHostnames
.For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
-
--sslAllowInvalidHostnames
¶
Disables the validation of the hostnames in TLS/SSL certificates. Allows mongofiles to connect to MongoDB instances even if the hostname in their certificates do not match the specified hostname.
For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
-
--username
=<username>
,
-u
=<username>
¶ Specifies a username with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the
--password
and--authenticationDatabase
options.Note
You cannot specify both
--username
and--uri
.
-
--password
=<password>
,
-p
=<password>
¶ Specifies a password with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the
--username
and--authenticationDatabase
options.To prompt the user for the password, pass the
--username
option without--password
or specify an empty string as the--password
value, as in--password ""
.Note
You cannot specify both
--password
and--uri
.
-
--authenticationDatabase
=<dbname>
¶ Specifies the authentication database where the specified
--username
has been created. See Authentication Database.Note
You cannot specify both
--authenticationDatabase
and--uri
.
-
--authenticationMechanism
=<name>
¶ Default: SCRAM-SHA-1
Specifies the authentication mechanism the mongofiles instance uses to authenticate to the
mongod
ormongos
.Changed in version 4.0: MongoDB removes support for the deprecated MongoDB Challenge-Response (
MONGODB-CR
) authentication mechanism.MongoDB adds support for SCRAM mechanism using the SHA-256 hash function (
SCRAM-SHA-256
).Value Description SCRAM-SHA-1 RFC 5802 standard Salted Challenge Response Authentication Mechanism using the SHA-1 hash function. SCRAM-SHA-256 RFC 7677 standard Salted Challenge Response Authentication Mechanism using the SHA-256 hash function. MONGODB-X509 MongoDB TLS/SSL certificate authentication. GSSAPI (Kerberos) External authentication using Kerberos. This mechanism is available only in MongoDB Enterprise. PLAIN (LDAP SASL) External authentication using LDAP. You can also use PLAIN
for authenticating in-database users.PLAIN
transmits passwords in plain text. This mechanism is available only in MongoDB Enterprise.Note
You cannot specify both
--authenticationMechanism
and--uri
.
-
--gssapiServiceName
=<serviceName>
¶ Specify the name of the service using GSSAPI/Kerberos. Only required if the service does not use the default name of
mongodb
.This option is available only in MongoDB Enterprise.
-
--gssapiHostName
=<hostname>
¶ Specify the hostname of a service using GSSAPI/Kerberos. Only required if the hostname of a machine does not match the hostname resolved by DNS.
This option is available only in MongoDB Enterprise.
-
--db
=<database>
,
-d
=<database>
¶ Specifies the name of the database on which to run the mongofiles.
-
--local
=<filename>
,
-l
=<filename>
¶ Specifies the local filesystem name of a file for get and put operations.
In the mongofiles put and mongofiles get commands, the required
<filename>
modifier refers to the name the object will have in GridFS.mongofiles
assumes that this reflects the file’s name on the local file system. This setting overrides this default.
-
--type
=<MIME>
¶ Provides the ability to specify a MIME type to describe the file inserted into GridFS storage.
mongofiles
omits this option in the default operation.Use only with mongofiles put operations.
-
--replace
,
-r
¶
Alters the behavior of mongofiles put to replace existing GridFS objects with the specified local file, rather than adding an additional object with the same name.
In the default operation, files will not be overwritten by a mongofiles put option.
-
--prefix
=<string>
¶ Default: fs
GridFS prefix to use.
-
--writeConcern
=<document>
¶ Default: majority
Specifies the write concern for each write operation that mongofiles performs.
Specify the write concern as a document with w options:
If the write concern is also included in the
--uri connection string
, the command-line--writeConcern
overrides the write concern specified in the URI string.
-
--readPreference
=<string|document>
¶ Default:
primary
Specifies the read preference for mongofiles. The
--readPreference
option can take:A string if specifying only the read preference mode:
A quote-enclosed document to specify the mode, the optional read preference tag sets, and the optional maxStalenessSeconds:
If specifying the maxStalenessSeconds, the value must be greater than or equal to 90.
New in version 4.2.
mongofiles defaults to
primary
read preference.Starting in version 4.2, if the read preference is also included in the
--uri connection string
, the command-line--readPreference
overrides the read preference specified in the URI string.Warning
Using a read preference other than
primary
with a connection to amongos
may produce inconsistencies, duplicates, or result in missed documents.
Commands¶
-
list <prefix>
Lists the files in the GridFS store. The characters specified after
list
(e.g.<prefix>
) optionally limit the list of returned items to files that begin with that string of characters.
-
search <string>
Lists the files in the GridFS store with names that match any portion of
<string>
.
-
put <filename>
Copy the specified file from the local file system into GridFS storage.
Here,
<filename>
refers to the name the object will have in GridFS, andmongofiles
assumes that this reflects the name the file has on the local file system. If the local filename is different use themongofiles --local
option.
-
get <filename>
Copy the specified file from GridFS storage to the local file system.
Here,
<filename>
refers to the name the object will have in GridFS.mongofiles
writes the file to the local file system using the file’sfilename
in GridFS. To choose a different location for the file on the local file system, use the--local
option.
-
get_id "<_id>"
New in version 3.2.0.
Copy the file, specified by its
<_id>
, from GridFS storage to the local file system.Here
<_id>
refers to the extended JSON_id
of the object in GridFS:- Starting in MongoDB 4.2,
get_id
can accept either ObjectId values or non-ObjectId values for<_id>
. - In MongoDB 4.0 and earlier,
get_id
only accepts<ObjectId>
values.
mongofiles
writes the file to the local file system using the file’sfilename
in GridFS. To choose a different location for the file on the local file system, use the--local
option.- Starting in MongoDB 4.2,
-
delete <filename>
Delete the specified file from GridFS storage.
-
delete_id "<_id>"
New in version 3.2.0.
Delete the file, specified by its
<_id>
, from GridFS storage:- Starting in MongoDB 4.2,
delete_id
can accept either ObjectId values or non-ObjectId values for<_id>
. - In MongoDB 4.0 and earlier,
delete_id
only accepts<ObjectId>
values.
- Starting in MongoDB 4.2,
Examples¶
To return a list of all files in a GridFS collection in the
records
database, use the following invocation at the system shell:
This mongofiles
instance will connect to the
mongod
instance running on the 27017
localhost
interface to specify the same operation on a different port or
hostname, and issue a command that resembles one of the following:
Modify any of the following commands as needed if you’re connecting
the mongod
instances on different ports or hosts.
To upload a file named 32-corinth.lp
to the GridFS collection in
the records
database, you can use the following command:
To delete the 32-corinth.lp
file from this GridFS collection in
the records
database, you can use the following command:
To search for files in the GridFS collection in the records
database that have the string corinth
in their names, you can use
following command:
To list all files in the GridFS collection in the records
database
that begin with the string 32
, you can use the following command:
To fetch the file from the GridFS collection in the records
database named 32-corinth.lp
, you can use the following command:
To fetch the file from the GridFS collection in the records
database
with _id: ObjectId("56feac751f417d0357e7140f")
, you can use the
following command:
You must include quotation marks around the _id
.