|
In the process of creating tests for SERVER-4073 I created a user who had only access to test database, not auth access. This user is not allowed to run rs.status() command. However via a write followed by getlasterror he can access information about what replica nodes there are and their address.
> rs.status()
|
{ "ok" : 0, "errmsg" : "unauthorized" }
|
> db.c1.insert({}); db.runCommand({getlasterror:1, w:9, wtimeout:5000})
|
{
|
"n" : 0,
|
"lastOp" : {
|
"t" : 1358901189000,
|
"i" : 1
|
},
|
"connectionId" : 13,
|
"wtimeout" : true,
|
"waited" : 5000,
|
"replicatedTo" : [
|
"10.5.1.168"
|
],
|
"err" : "timeout",
|
"ok" : 1
|
}
|
|