diff --git a/plugins/mongodb/index.py b/plugins/mongodb/index.py
index 554d8f42a..4256af82d 100755
--- a/plugins/mongodb/index.py
+++ b/plugins/mongodb/index.py
@@ -82,6 +82,9 @@ def getConfigData():
     return config
 
 def setConfig(config_data):
+    t = status()
+
+
     cfg = getConf()
     try:
         mw.writeFile(cfg, yaml.safe_dump(config_data))
@@ -136,8 +139,7 @@ def checkArgs(data, ck=[]):
 
 def status():
     data = mw.execShell(
-        "ps -ef|grep mongod |grep -v grep | grep -v /Applications | grep -v python | grep -v mdserver-web | awk '{print $2}'")
-
+        "ps -ef|grep mongod |grep -v mongosh|grep -v grep | grep -v /Applications | grep -v python | grep -v mdserver-web | awk '{print $2}'")
     if data[0] == '':
         return 'stop'
     return 'start'
@@ -170,31 +172,34 @@ def pSqliteDb(dbname='users'):
     conn = mw.M(dbname).dbPos(getServerDir(), name)
     return conn
 
-def mongdbClient():
+def mongdbClientS():
     import pymongo
     port = getConfPort()
     auth = getConfAuth()
     mg_root = pSqliteDb('config').where('id=?', (1,)).getField('mg_root')
 
-    # print(auth)
     if auth == 'disabled':
         client = pymongo.MongoClient(host='127.0.0.1', port=int(port), directConnection=True)
     else:
-        client = pymongo.MongoClient(host='127.0.0.1', port=int(port), directConnection=True,username='root',password=mg_root)
+        # print(auth,mg_root)
+        client = pymongo.MongoClient(host='127.0.0.1', port=int(port), directConnection=True, username='root',password=mg_root)
     return client
 
-def mongdbClientWithPass():
+def mongdbClient():
     import pymongo
     port = getConfPort()
     auth = getConfAuth()
-    # print(auth)
     mg_root = pSqliteDb('config').where('id=?', (1,)).getField('mg_root')
+
+    
     if auth == 'disabled':
         client = pymongo.MongoClient(host='127.0.0.1', port=int(port), directConnection=True)
     else:
-        uri = "mongodb://root:"+mg_root+"@127.0.0.1:"+str(port)
+        # print(auth,mg_root)
+        # uri = "mongodb://root:"+mg_root+"@127.0.0.1:"+str(port)
         # print(uri)
-        client = pymongo.MongoClient(uri)
+        # client = pymongo.MongoClient(uri)
+        client = pymongo.MongoClient(host='127.0.0.1', port=int(port), directConnection=True, username='root',password=mg_root)
     return client
 
 
@@ -245,40 +250,6 @@ def initDreplace():
 
     return file_bin
 
-def initUserRoot():
-    # client = mongdbClient()
-    # db = client.admin
-
-    client_pass = mongdbClientWithPass()
-    listDbs = client_pass.admin.command({"listDatabases": 1})
-    print(listDbs)
-
-    print(client_pass.list_database_names());
-    exit(0)
-
-    # db.command("updateUser", "root", pwd=mg_pass, roles=db_all_rules)
-    # db_all_rules = [
-    #     {'role': 'root', 'db': 'admin'},
-    #     {'role': 'clusterAdmin', 'db': 'admin'},
-    #     {'role': 'readAnyDatabase', 'db': 'admin'},
-    #     {'role': 'readWriteAnyDatabase', 'db': 'admin'},
-    #     {'role': 'userAdminAnyDatabase', 'db': 'admin'},
-    #     {'role': 'dbAdminAnyDatabase', 'db': 'admin'},
-    #     {'role': 'userAdmin', 'db': 'admin'},
-    #     {'role': 'dbAdmin', 'db': 'admin'}
-    # ]
-
-    # mg_pass = mw.getRandomString(10)
-    # print(mg_pass)
-    # try:
-    #     db.command("createUser", "root", pwd=mg_pass, roles=db_all_rules)
-    # except Exception as e:
-    #     db.command('dropUser','root')
-    #     db.command("createUser", "root", pwd=mg_pass, roles=db_all_rules)
-        
-    # pSqliteDb('config').where('id=?', (1,)).save('mg_root',(mg_pass,))
-    return True
-
 
 def mgOp(method):
     file = initDreplace()
@@ -291,7 +262,6 @@ def mgOp(method):
 
     data = mw.execShell('systemctl ' + method + ' ' + getPluginName())
     if data[1] == '':
-        initUserRoot()
         return 'ok'
     return 'fail'
 
@@ -318,12 +288,15 @@ def restart():
 
 
 def getConfig():
+    t = status()
+    if t == 'stop':
+        return mw.returnJson(False,'未启动!')
+        
     d = getConfigData()
     return mw.returnJson(True,'ok',d)
 
 def saveConfig():
     d = getConfigData()
-
     args = getArgs()
     data = checkArgs(args, ['bind_ip','port','data_path','log','pid_file_path'])
     if not data[0]:
@@ -339,9 +312,66 @@ def saveConfig():
     reload()
     return mw.returnJson(True,'设置成功')
 
+def initUserRoot():
+    d = getConfigData()
+    auth_t = d['security']['authorization']
+    d['security']['authorization'] = 'disabled'
+    setConfig(d)
+    reload()
+
+    client = mongdbClient()
+    db = client.admin
+    
+    db_all_rules = [
+        {'role': 'root', 'db': 'admin'},
+        {'role': 'clusterAdmin', 'db': 'admin'},
+        {'role': 'readAnyDatabase', 'db': 'admin'},
+        {'role': 'readWriteAnyDatabase', 'db': 'admin'},
+        {'role': 'userAdminAnyDatabase', 'db': 'admin'},
+        {'role': 'dbAdminAnyDatabase', 'db': 'admin'},
+        {'role': 'userAdmin', 'db': 'admin'},
+        {'role': 'dbAdmin', 'db': 'admin'}
+    ]
+    # db.command("updateUser", "root", pwd=mg_pass, roles=db_all_rules)
+    mg_pass = mw.getRandomString(8)
+    try:
+        r1 = db.command("createUser", "root", pwd=mg_pass, roles=db_all_rules)
+        # print(r1)
+    except Exception as e:
+        # print(e)
+        r1 = db.command('dropUser','root')
+        r2 = db.command("createUser", "root", pwd=mg_pass, roles=db_all_rules)
+        # print(r1, r2)
+        
+    r = pSqliteDb('config').where('id=?', (1,)).save('mg_root',(mg_pass,))
+    # print(r)
+    # print(mg_pass)
+    # listDbs = client.admin.command({"listDatabases": 1})
+    # print(listDbs)
+    # print(client_pass.list_database_names());
+
+    d['security']['authorization'] = auth_t
+    setConfig(d)
+    reload()
+    return True
+
 def setConfigAuth():
+    init_db_root = getServerDir() + '/init_db_root.lock'
+    if not os.path.exists(init_db_root):
+        initUserRoot()
+        mw.writeFile(init_db_root,'ok')
 
-    return mw.returnJson(True,'设置成功')
+    d = getConfigData()
+    if d['security']['authorization'] == 'enabled':
+        d['security']['authorization'] = 'disabled'
+        setConfig(d)
+        reload()
+        return mw.returnJson(True,'关闭成功')
+    else:
+        d['security']['authorization'] = 'enabled'
+        setConfig(d)
+        reload()
+        return mw.returnJson(True,'开启成功')
 
 def runInfo():
     '''
@@ -370,6 +400,7 @@ def runInfo():
 def runDocInfo():    
     client = mongdbClient()
     db = client.admin
+    # print(db)
     serverStatus = db.command('serverStatus')
 
     listDbs = client.list_database_names()
diff --git a/plugins/mongodb/js/mongodb.js b/plugins/mongodb/js/mongodb.js
index 0e6be2838..7bed31de6 100644
--- a/plugins/mongodb/js/mongodb.js
+++ b/plugins/mongodb/js/mongodb.js
@@ -137,10 +137,17 @@ function mongoReplStatus() {
 function mongoSetConfig() {
     mgPost('get_config', '','',function(data){
         var rdata = $.parseJSON(data.data);
+        if (!rdata['status']){
+        	layer.msg(rdata['msg']);
+        	return;
+        }
         rdata = rdata.data;
-  
-     	var body_auth = '<input class="btswitch btswitch-ios" id="auth" type="checkbox"><label  style="float: left;top: -3px;" class="btswitch-btn" for="auth" onclick=""></label>';
-       
+        if (rdata['security']['authorization'] == 'enabled'){
+        	var body_auth = '<input class="btswitch btswitch-ios" id="auth" type="checkbox" checked><label  style="float: left;top: -3px;" class="btswitch-btn" for="auth" onclick="mongoConfigAuth();"></label>';
+        } else {
+        	var body_auth = '<input class="btswitch btswitch-ios" id="auth" type="checkbox"><label  style="float: left;top: -3px;" class="btswitch-btn" for="auth" onclick="mongoConfigAuth();"></label>';
+        }
+
         var body = "<div class='bingfa'>" +
             "<p class='line'><span class='span_tit'>IP：</span><input class='bt-input-text' type='text' name='bind_ip' value='" + rdata['net']['bindIp'] + "' />，<font>监听IP请勿随意修改</font></p>" +
             "<p class='line'><span class='span_tit'>port： </span><input class='bt-input-text' type='number' name='port' value='" + rdata['net']['port'] + "' />，<font>监听端口,一般无需修改</font></p>" +
@@ -158,6 +165,13 @@ function mongoSetConfig() {
     });
 }
 
+function mongoConfigAuth(){
+	mgPost('set_config_auth', '','',function(rdata){
+		var rdata = $.parseJSON(rdata.data);
+		layer.msg(rdata.msg, { icon: rdata.status ? 1 : 2 });
+    });
+}
+
 function mongoConfigSave(){
 	var data = {};
 	data['bind_ip'] = $('input[name="bind_ip"]').val();