On MongoD
Steps to reproduce:
Create a read-only user in any database:
> db.addUser('mod', 'pass', true)
Restart with mongod --auth.
> db.auth('mod','pass') > db.system.users.find() error: { "$err": "unauthorized db:test ns:test.system.users lock type:1 client:127.0.0.1", "code": 10057 }
On MongoS started --keyFile filename and members with --auth --keyFile filename
> db.auth('mod','pass') > db.system.users.find() { "_id": ObjectId("509cea7b45f86c6fcc64b71c"), "user": "mod", "readOnly": true, "pwd": "aa387b99960161d09f7a38d57fd7a15a" }
Note that the mongoD is not part of the mongoS shard. And same occurs on localhost and connecting from a remote host in LAN.
- related to
-
SERVER-4692 Read-only users should be denied access to system.users collection
- Closed
-
SERVER-3198 Ability to restrict operations by role
- Closed