Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.5.4
Affects Version/s: None
Component/s: Security
Labels:
- 26qa

Operating System:
ALL
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

Create a user with a single role that has the following privilege:

{ resource: {db: "test", collection: "x"}, actions: ["reIndex"] }

If the user tries to reIndex collection "x", the command fails as shown below:

> db.runCommand({reIndex: "x"})
{
	"nIndexesWas" : 1,
	"msg" : "indexes dropped for collection",
	"errmsg" : "exception: invalid ns to index",
	"code" : 10096,
	"ok" : 0
}

On the other hand, if the user has the dbAdmin role, then the command works just fine:

> db.x.save({})
> db.runCommand({
... createUser: "testUser",
... pwd: "password",
... roles: ["dbAdmin"]
... })
{ "ok" : 1 }
> db.auth("testUser", "password")
1
> db.runCommand({reIndex: "x"})
{
	"nIndexesWas" : 1,
	"msg" : "indexes dropped for collection",
	"nIndexes" : 1,
	"indexes" : [
		{
			"key" : {
				"_id" : 1
			},
			"ns" : "test.x",
			"name" : "_id_"
		}
	],
	"ok" : 1
}

Assignee:: David Storch
Reporter:: David Storch
Participants:: David Storch, Spencer Brody
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Oct 22 2013 09:23:39 PM UTC
Updated:: Jul 11 2016 05:39:09 PM UTC
Resolved:: Oct 24 2013 02:44:35 PM UTC

Details

Description

Attachments

Activity

People

Dates