Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-11018

Auth behavior of mergeChunks command is inconsistent with splitChunk

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Minor - P4 Minor - P4
    • 2.5.3
    • None
    • None
    • ALL
    • Hide

      1) run mongod with --auth
      2) use admin
      3)

      db.addUser({user: "x", pwd: "x", roles: ["clusterAdmin"]})


      4)

      db.auth("x", "x")


      5) use test
      6)

      db.runCommand({splitChunk: "x"}) and receive expected auth error
      {
      	"ok" : 0,
      	"errmsg" : "splitChunk may only be run against the admin database.",
      	"code" : 13
      }


      7)

      db.runCommand({mergeChunks: "x", bounds: [{i: 1}, {i: 5}]}), and get a different error, other than auth:
      {
      	"ok" : 0,
      	"errmsg" : "sharding state must be enabled or config server specified to merge chunks"
      }

      This exposes the problem, because the auth error checking happens before checking that sharding is enabled.

      Show
      1) run mongod with --auth 2) use admin 3) db.addUser({user: "x", pwd: "x", roles: ["clusterAdmin"]}) 4) db.auth("x", "x") 5) use test 6) db.runCommand({splitChunk: "x"}) and receive expected auth error { "ok" : 0, "errmsg" : "splitChunk may only be run against the admin database.", "code" : 13 } 7) db.runCommand({mergeChunks: "x", bounds: [{i: 1}, {i: 5}]}), and get a different error, other than auth: { "ok" : 0, "errmsg" : "sharding state must be enabled or config server specified to merge chunks" } This exposes the problem, because the auth error checking happens before checking that sharding is enabled.

    Description

      Both the mergeChunks command and the splitChunk command require the clusterAdmin role.

      When logged in as a user with the clusterAdmin role, splitChunk can only be run on the admin database. MergeChunks, however, can be run on any database. In order to be consistent, mergeChunks should return a "not authorized" error when run on any database other than admin.

      Attachments

        Activity

          People

            greg_10gen Greg Studer
            david.storch@mongodb.com David Storch
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: