Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-11027

not authorized to execute repairDatabase for user with role clusterAdmin

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • 2.5.4
    • None
    • Security
    • ALL
    • Hide

      1) run mongod with --auth
      2) use admin
      3)

      db.addUser({user: "x", pwd: "x", roles: ["clusterAdmin"]})

      4)

      db.auth("x", "x")

      5) use test
      6)

      db.runCommand({repairDatabase: 1})

      Show
      1) run mongod with --auth 2) use admin 3) db.addUser({user: "x", pwd: "x", roles: ["clusterAdmin"]}) 4) db.auth("x", "x") 5) use test 6) db.runCommand({repairDatabase: 1})

    Description

      Expected: A user with the clusterAdmin role should be authorized to run the repairDatabase command.

      Actual: Attempting to run repairDatabase on either the admin database or a non-admin database gives an authorization error, even when the user has the clusterAdmin role:

      {
      	"ok" : 0,
      	"errmsg" : "not authorized on roles_commands_1 to execute command { repairDatabase: 1.0 }",
      	"code" : 13
      }

      Attachments

        Activity

          People

            spencer@mongodb.com Spencer Brody (Inactive)
            david.storch@mongodb.com David Storch
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: