Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-11362

Unauthorized write operations are only logged with -v

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Done
    • Icon: Minor - P4 Minor - P4
    • None
    • 2.5.4
    • Logging, Security, Shell

    Description

      By default, when running mongod, only query authorization failures are shown in the log. Those for updates, deletes, inserts etc are not shown unless the logging level is increased.

      This appears every time an unauthorized query happens with the default logging level:

      2013-10-24T14:52:24.637-0400 [conn2] User Assertion: 13:not authorized for query on test.test
      2013-10-24T14:52:24.637-0400 [conn2] assertion 13 not authorized for query on test.test ns:test.test query:{ a: 1.0 }
      2013-10-24T14:52:24.637-0400 [conn2] query  keyUpdates:0 exception: not authorized for query on test.test code:13  reslen:83 0ms

      This does not appear in the log unless logging level is increased with -v:

      2013-10-24T14:57:19.007-0400 [conn2] User Assertion: 13:not authorized for update on test.test
      2013-10-24T14:57:19.007-0400 [conn2] update test.test keyUpdates:0 exception: not authorized for update on test.test code:13  0ms
      2013-10-24T14:57:19.007-0400 [conn2] run command test.$cmd { getlasterror: 1.0, w: 1.0 }

      Also, in the shell, the output for a failed query looks different than the output for a failed insert, update, delete, etc:

      > db.test.find({a:1})
      error: { "$err" : "not authorized for query on test.test", "code" : 13 }
       
      > db.test.update({a:1},{a:2})
      not authorized for update on test.test
       
      > db.test.remove({a:1})
      not authorized to remove from test.test

      Attachments

        Activity

          People

            spencer@mongodb.com Spencer Brody (Inactive)
            tyler@10gen.com Tyler Brock
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: