My read-only user can write

I am using MongoDB 3.0.7. I have a database called bravegoat and a read-only user called bravegoat-r.

I connect through the shell:

mongo localhost:27017/bravegoat -u bravegoat-r -p mypassword

I switch to my database:

use bravegoat;

And I ran:

db.runCommand({connectionStatus : 1})

Which outputs:

{
        "authInfo" : {
                "authenticatedUsers" : [
                        {
                                "user" : "bravegoat-r",
                                "db" : "bravegoat"
                        }
                ],
                "authenticatedUserRoles" : [
                        {
                                "role" : "read",
                                "db" : "bravegoat"
                        }
                ]
        },
        "ok" : 1
}

Only the read role, so it looks fine, but when I call .save(), my user can insert data. I read several pages about creating read-only users and I don't see my problem. I am starting to think that this may be a bug in my version.

+4
1 answer

You need to enable client access control by following these steps:

  1. /etc/mongod.conf:

security:
  authorization: enabled

  2. MongoDB:

sudo service mongodb restart

+1
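
A quick way to confirm the setting from the answer is really in the config file before restarting. This is an added example, not part of the original answer; the function name `mongod_auth_enabled` and the sample files are constructed for illustration. It accepts the nested YAML form or the legacy ini-style `auth = true`, and treats a flattened one-line `security: authorization: enabled` as not enabled because it is not a nested `security:` section.

```bash
#!/usr/bin/env bash
# Added example: report whether a mongod config file turns on access control.
# Exit status 0 = authorization enabled, 1 = not enabled (roles are not enforced).
mongod_auth_enabled() {
    awk '
        # Drop comments and trailing whitespace, skip blank lines.
        { sub(/#.*/, ""); sub(/[ \t\r]+$/, "") }
        /^[ \t]*$/ { next }
        # Legacy ini-style config format: auth = true
        /^auth[ \t]*=[ \t]*true$/ { found = 1; next }
        # Any unindented line starts a new top-level YAML section.
        /^[^ \t]/ { in_security = ($0 == "security:"); next }
        # Indented key that belongs to the security: section.
        in_security && /^[ \t]+authorization:[ \t]*"?enabled"?$/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample configs (illustrative, not taken from a real server).
demo() (
    dir=$(mktemp -d)
    printf 'security:\n  authorization: enabled\n'  > "$dir/nested.conf"
    printf 'security: authorization: enabled\n'     > "$dir/flat.conf"
    printf 'storage:\n  dbPath: /var/lib/mongodb\n' > "$dir/absent.conf"
    for name in nested flat absent; do
        if mongod_auth_enabled "$dir/$name.conf"; then
            echo "$name: authorization enabled"
        else
            echo "$name: NOT enabled, user roles will not be enforced"
        fi
    done
    rm -rf "$dir"
)
demo
```

On a real host, call `mongod_auth_enabled /etc/mongod.conf` and restart the service only after it returns 0.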

Source: https://habr.com/ru/post/1617676/

