Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Minor - P4
Fix Version/s: 2.5.4
Affects Version/s: 2.5.3
Component/s: Security
Labels:
- 26qa

Operating System:
ALL
Steps To Reproduce:
Hide

> use test switched to db test > db.x.save( {} ) > db.addUser({user: "x", pwd: "x", roles: ["dbAdmin"]}) { "user" : "x", "pwd" : "16f0d7830e94ddd4d04d1a7262e7677c", "roles" : [ "dbAdmin" ], "_id" : ObjectId("525574d2ae46ef9ada6138ad") } > db.auth("x", "x") 1 > db.runCommand({convertToCapped: "x", size: 1000}) { "ok" : 0, "errmsg" : "cloneCollectionAsCapped failed: { ok: 0.0, errmsg: \"not authorized on roles_commands_2 to execute command { cloneCollectionAsCapped: \"x\", toCollection: \"tmp.convertToCapped.x\", size: 1000....\", code: 13 }" }
Show
> use test switched to db test > db.x.save( {} ) > db.addUser({user: "x" , pwd: "x" , roles: [ "dbAdmin" ]}) { "user" : "x" , "pwd" : "16f0d7830e94ddd4d04d1a7262e7677c" , "roles" : [ "dbAdmin" ], "_id" : ObjectId( "525574d2ae46ef9ada6138ad" ) } > db.auth( "x" , "x" ) 1 > db.runCommand({convertToCapped: "x" , size: 1000}) { "ok" : 0, "errmsg" : "cloneCollectionAsCapped failed: { ok: 0.0, errmsg: \" not authorized on roles_commands_2 to execute command { cloneCollectionAsCapped: \ "x\" , toCollection: \ "tmp.convertToCapped.x\" , size: 1000....\ ", code: 13 }" }
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Expected: A user with the dbAdmin role should be authorized to run the convertToCapped command.

Actual: convertToCapped invokes cloneCollectionAsCapped, which raises the auth error below.

{
	"ok" : 0,
	"errmsg" : "cloneCollectionAsCapped failed: { ok: 0.0, errmsg: \"not authorized
on roles_commands_2 to execute command { cloneCollectionAsCapped: \"toCapped\",
toCollection: \"tmp.convertToCapped.toCapped\", size: 1000....\", code: 13 }"
}

This is a regression from v2.4.6.

is related to

SERVER-9233 Add jstests for role-based access control

Closed

Assignee:: Spencer Brody (Inactive)
Reporter:: David Storch
Participants:: David Storch, Spencer Brody
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Oct 09 2013 03:29:50 PM UTC
Updated:: Jul 11 2016 05:38:29 PM UTC
Resolved:: Oct 28 2013 03:40:02 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates