Show
Create two users: one with role restore, one with role readWriteAnyDatabase.
Attempt to run an insert on system.js with bypassDocumentValidation=true on each user
If auth is enabled, one should succeed, and the other will fail.
> db.createUser({user: "ted" , pwd: "ted" , roles: [{role: "root" , db: "admin" }]})
Successfully added user: {
"user" : "ted" ,
"roles" : [
{
"role" : "root" ,
"db" : "admin"
}
]
}
> db.auth( "ted" , "ted" )
1
> db.createUser({user: "dave" , pwd: "dave" , roles: [{role: "restore" , db: "admin" }]})db.createUser({user: "pj" , pwd: "pj" , roles: [{role: "readWriteAnyDatabase" , db: "admin" }]})Successfully added user: {
"user" : "dave" ,
"roles" : [
{
"role" : "restore" ,
"db" : "admin"
}
]
}
>
dbdb.createUser({user: "pj" , pwd: "pj" , roles: [{role: "readWriteAnyDatabase" , db: "admin" }]})
Successfully added user: {
"user" : "pj" ,
"roles" : [
{
"role" : "readWriteAnyDatabase" ,
"db" : "admin"
}
]
}
> db.auth( "dave" , "dave" )
1
> use test
switched to db test
> db.runCommand({insert: "system.js" , documents:[{_id: "func2" , value:function(k){ return k;}}], bypassDocumentValidation: true })
{ "n" : 1 , "ok" : 1 }
> use admin
switched to db admin
> db.auth( "pj" , "pj" )
1
> use test
switched to db test
> db.runCommand({insert: "system.js" , documents:[{_id: "func3" , value:function(k){ return k;}}], bypassDocumentValidation: true })
{
"ok" : 0 ,
"errmsg" : "not authorized on test to execute command { insert: \"system.js\", bypassDocumentValidation: true, lsid: { id: UUID(\"993eb0b0-3859-4113-9829-03cdbd30db3d\") }, $db: \"test\" }" ,
"code" : 13 ,
"codeName" : "Unauthorized"
}