Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-11098

authorization error when running convertToCapped command with dbAdmin role

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Minor - P4 Minor - P4
    • 2.5.4
    • Affects Version/s: 2.5.3
    • Component/s: Security
    • Labels:
    • ALL
    • Hide 
      > use test
switched to db test
> db.x.save( {} )
> db.addUser({user: "x", pwd: "x", roles: ["dbAdmin"]})
{
	"user" : "x",
	"pwd" : "16f0d7830e94ddd4d04d1a7262e7677c",
	"roles" : [
		"dbAdmin"
	],
	"_id" : ObjectId("525574d2ae46ef9ada6138ad")
}
> db.auth("x", "x")
1
> db.runCommand({convertToCapped: "x", size: 1000})
{
	"ok" : 0,
	"errmsg" : "cloneCollectionAsCapped failed: { ok: 0.0, errmsg: \"not authorized
on roles_commands_2 to execute command { cloneCollectionAsCapped: \"x\",
toCollection: \"tmp.convertToCapped.x\", size: 1000....\", code: 13 }"
}
      Show
      > use test switched to db test > db.x.save( {} ) > db.addUser({user: "x" , pwd: "x" , roles: [ "dbAdmin" ]}) { "user" : "x" , "pwd" : "16f0d7830e94ddd4d04d1a7262e7677c" , "roles" : [ "dbAdmin" ], "_id" : ObjectId( "525574d2ae46ef9ada6138ad" ) } > db.auth( "x" , "x" ) 1 > db.runCommand({convertToCapped: "x" , size: 1000}) { "ok" : 0, "errmsg" : "cloneCollectionAsCapped failed: { ok: 0.0, errmsg: \" not authorized on roles_commands_2 to execute command { cloneCollectionAsCapped: \ "x\" , toCollection: \ "tmp.convertToCapped.x\" , size: 1000....\ ", code: 13 }" }

      Expected: A user with the dbAdmin role should be authorized to run the convertToCapped command.

      Actual: convertToCapped invokes cloneCollectionAsCapped, which raises the auth error below.

      {
	"ok" : 0,
	"errmsg" : "cloneCollectionAsCapped failed: { ok: 0.0, errmsg: \"not authorized
on roles_commands_2 to execute command { cloneCollectionAsCapped: \"toCapped\",
toCollection: \"tmp.convertToCapped.toCapped\", size: 1000....\", code: 13 }"
}

      This is a regression from v2.4.6.

            Assignee:
            spencer@mongodb.com Spencer Brody (Inactive)
            Reporter:
            david.storch@mongodb.com David Storch
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: