Create mongo user with right to read local database

Question

I would like to create a mongo user who can read local database. I try to use command on local database:

db.createUser(
  {     user: "readonlyuser", pwd: "loh8Ephi",
    roles: [ { role: "read", db: "local" } ]
})

But - it doesn't work. I receive:

connecting to: local
2015-12-21T14:08:07.904+0100 Error: couldn't add user: Cannot create users in the local database at src/mongo/shell/db.js:1054

I've tried to create that user against admin database:

> use admin
switched to db admin
> db.createUser(
...   {     user: "readonlyuser", pwd: "loh8Ephi", roles: [ { role: "read", db: "local" } ] })

Successfully added user: {
"user" : "readonlyuser",
"roles" : [
    {
        "role" : "read",
        "db" : "local"
    }
]

And now i try to connect:

undefine@machine:~$ mongo -u readonlyuser -p loh8Ephi local
MongoDB shell version: 2.6.11
connecting to: local
2015-12-21T15:35:19.190+0100 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1292
exception: login failed

How to create readonly user who have access only to local database?

Answer 1

According the documentation , you cannot create users on the local database. Instead you can run your createUser query against the admin database:

use admin
db.createUser(
 {     user: "readonlyuser", pwd: "loh8Ephi",
   roles: [ { role: "read", db: "local" } ]
})

Please note that you will have to authenticate against the admin database when connecting.

Answer 2

I would do it like below

use admin
db.getSiblingDB("local").runCommand( { "createUser" : "mongoread", "pwd": "read0nly", "customData" : { "description": "mongo readonly user" }, "roles" : [ {"role" : "read","db" : "local"}] },{ w: "majority" , wtimeout: 5000 } );