Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-3422

Downgrade instructions re: authentication incorrect, not overly comprehensible

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • v1.3.7
    • None
    • manual
    • None

    Description

      The doc for downgrading the auth info from 2.6 to 2.4 either don't work, or else ought to be much more explicit:

      http://docs.mongodb.org/manual/release-notes/2.6-downgrade/#downgrade-2-6-user-authorization-model

      Below is a transcript of a session connecting to a v2.6.1 server where a user with userAdminAnyDatabase and readWrite on admin wasn't able to perform write operations analogous to step 3 in the downgrade instructions.

      I can't tell from the rest of the documentation whether readWrite implies the privileges stipulated in step 1 of the instructions. (readWrite privileges were sufficient to create a collection called "test" in the same database.) In any case, step 1 of the instructions ought to inform the user how to give themselves the appropriate privileges to run the rest of the steps, if that's actually possible. I observe that the text of step 1 fails even to link to any other place that would explain what the 4 lines of privileges mean and/or how they're to be set up.

      Additionally, step 2 of the instructions fails silently.

      Probably engineering ought to furnish scripts for critical operations such as these, rather than burdening docs this way. I'm sorry they've made this your problem.

      > use admin
      switched to db admin
      > db.auth("admin","admin");
      1
      > db.system.users.find()
      { "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : "7c67ef13bbd4cae106d959320af3f704" }, "roles" : [ { "role" : "readWrite", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
      > show collections
      system.indexes
      system.users
      system.version
      test
      > db.system.new_users.insert({ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : "7c67ef13bbd4cae106d959320af3f704" }, "roles" : [ { "role" : "readWrite", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" } ] });
      WriteResult({
      	"writeError" : {
      		"code" : 13,
      		"errmsg" : "not authorized on admin to execute command { insert: \"system.new_users\", documents: [ { _id: \"admin.admin\", user: \"admin\", db: \"admin\", credentials: { MONGODB-CR: \"7c67ef13bbd4cae106d959320af3f704\" }, roles: [ { role: \"readWrite\", db: \"admin\" }, { role: \"userAdminAnyDatabase\", db: \"admin\" } ] } ], ordered: true }"
      	}
      })

      Attachments

        Activity

          People

            kay.kim@mongodb.com Kay Kim (Inactive)
            richard.kreuter Richard Kreuter (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              9 years, 33 weeks, 1 day ago