fsyncUnlock not authorized

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • None
    • Affects Version/s: 8.0.10
    • Component/s: None
    • None
    • ALL
    • Hide

      1 ) db.getSiblingDB("admin").createRole({
        role: "fsyncLocker",
        privileges: [
          *{ resource:

      { cluster: true }

      , actions: [ "fsync" ] }*
        ],
        roles: []
      })

      2) db.updateUser( "myuser",
                     {
                       roles : [
                                 { role : "fsyncLocker", db : "admin"  }
                               ]
                     }
                   )

      3) I connect with myuser

      4) I run this:

      db.getSiblingDB("admin").fsyncLock()

      is works, this is returned:

      {
        info: 'now locked against writes, use db.fsyncUnlock() to unlock',
        lockCount: Long('1'),
        seeAlso: 'http://dochub.mongodb.org/core/fsynccommand',
        ok: 1
      }

      5) now I try the other, the error is returned:

      db.getSiblingDB("admin").fsyncUnlock()
      MongoServerError[Unauthorized]: not authorized on admin to execute command { fsyncUnlock: 1, lsid: { id: UUID("f454d3e3-e21e-4720-b3dd-8c6d2e44dcf1") }, $db: "admin" }

      Show
      1 ) db.getSiblingDB("admin").createRole({   role: "fsyncLocker",   privileges: [     *{ resource: { cluster: true } , actions: [ "fsync" ] }*   ],   roles: [] }) 2) db.updateUser( "myuser",                 {                   roles : [                             { role : "fsyncLocker", db : "admin"  }                           ]                 }               ) 3) I connect with myuser 4) I run this: db.getSiblingDB("admin").fsyncLock() is works, this is returned: {   info: 'now locked against writes, use db.fsyncUnlock() to unlock',   lockCount: Long('1'),   seeAlso: 'http://dochub.mongodb.org/core/fsynccommand',   ok: 1 } 5) now I try the other, the error is returned: db.getSiblingDB("admin").fsyncUnlock() MongoServerError [Unauthorized] : not authorized on admin to execute command { fsyncUnlock: 1 , lsid: { id: UUID("f454d3e3-e21e-4720-b3dd-8c6d2e44dcf1") }, $db: "admin" }
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      I create this role:

      db.getSiblingDB("admin").createRole({
        role: "fsyncLocker",
        privileges: [
          { resource:

      { cluster: true }

      , actions: [ "fsync" ] }
        ],
        roles: []
      })

      and I gave it to a user in order to become able to use fsyncLock and fsyncUnlock

      However, whereas that user can run fsyncLock It cannot run fsyncUnlock, this error is returned:

      not authorized on admin to execute command { fsyncUnlock

      According to documentation both of them should be ok

      I suspect a bug, can you shed any light on this, please?

      Thank you for your time

      Mauro

            Assignee:
            Max Hirschhorn
            Reporter:
            Mauro Papandrea
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: