-
Type:
Bug
-
Resolution: Done
-
Priority:
Major - P3
-
Affects Version/s: 2.5.4
-
Component/s: Diagnostics, Replication, Security
-
Labels:None
-
Environment:OS X 10.8.4
MongoDB 2.5.4 community edition
-
Fully Compatible
-
ALL
-
The following actions/privileges are not permitted by the 2.6 clusterMonitor role in order to maintain compatibility with MMS:
1.) Permission to read the current profiling level via the {profile: -1} command.
2.) Permission to read the local.oplog.rs namespace for oplog stats.
3.) Permission to read the local.oplog.$main namespace for config svr oplog stats
4.) Permission to read the local.system.replset namespace for replica set conf
Also, not sure if related or should be separate ticket, but I'm also occasionally seeing this error from the monitoring agent log (via pymongo) when trying to run dbstats command against both of my clusterMonitor-authed shard secondaries: "expected to be write locked for config.$freelist"
Corresponding trace from MongoDB server log:
...
2013-12-10T17:47:12.279-0500 [conn5] Unauthorized not authorized on admin to execute command { profile: -1 }
2013-12-10T17:47:12.280-0500 [conn5] creating profile collection: cloud-docs.system.profile
2013-12-10T17:47:12.282-0500 [conn5] Unauthorized not authorized on cloud-docs to execute command { profile: -1 }
2013-12-10T17:47:12.289-0500 [conn5] lock status: r recursive:1 otherCount:-1 otherdb:config
2013-12-10T17:47:12.290-0500 [conn5] Assertion: 16105:expected to be write locked for config.$freelist
2013-12-10T17:47:12.343-0500 [conn5] config 0x10063800b 0x1005f7d02 0x1005e864f 0x1005e872d 0x1001b151d 0x10011790f 0x100117a48 0x100117aa4 0x1001b6bc3 0x1001cbe3c 0x1001bebb5 0x1001bfa9d 0x1001c059c 0x100323b6e 0x10032462c 0x1002a84a6 0x100006e34 0x100604e41 0x100669fd5 0x7fff8ea867a2
0 mongod 0x000000010063800b _ZN5mongo15printStackTraceERSo + 43
1 mongod 0x00000001005f7d02 _ZN5mongo10logContextEPKc + 114
2 mongod 0x00000001005e864f _ZN5mongo11msgassertedEiPKc + 255
3 mongod 0x00000001005e872d _ZN5mongo11msgassertedEiRKSs + 29
4 mongod 0x00000001001b151d _ZN5mongo4Lock17assertWriteLockedERKNS_10StringDataE + 393
5 mongod 0x000000010011790f _ZN5mongo14NamespaceIndex6add_nsERKNS_9NamespaceEPKNS_16NamespaceDetailsE + 95
6 mongod 0x0000000100117a48 _ZN5mongo14NamespaceIndex6add_nsERKNS_10StringDataEPKNS_16NamespaceDetailsE + 192
7 mongod 0x0000000100117aa4 _ZN5mongo14NamespaceIndex6add_nsERKNS_10StringDataERKNS_7DiskLocEb + 56
8 mongod 0x00000001001b6bc3 _ZN5mongo8Database19_initExtentFreeListEv + 137
9 mongod 0x00000001001cbe3c _ZN5mongo7DBStats3runERKSsRNS_7BSONObjEiRSsRNS_14BSONObjBuilderEb + 2696
10 mongod 0x00000001001bebb5 _ZN5mongo12_execCommandEPNS_7CommandERKSsRNS_7BSONObjEiRSsRNS_14BSONObjBuilderEb + 37
11 mongod 0x00000001001bfa9d _ZN5mongo7Command11execCommandEPS0_RNS_6ClientEiPKcRNS_7BSONObjERNS_14BSONObjBuilderEb + 2223
12 mongod 0x00000001001c059c _ZN5mongo12_runCommandsEPKcRNS_7BSONObjERNS_11_BufBuilderINS_16TrivialAllocatorEEERNS_14BSONObjBuilderEbi + 1388
13 mongod 0x0000000100323b6e _ZN5mongo11runCommandsEPKcRNS_7BSONObjERNS_5CurOpERNS_11_BufBuilderINS_16TrivialAllocatorEEERNS_14BSONObjBuilderEbi + 46
14 mongod 0x000000010032462c _ZN5mongo8runQueryERNS_7MessageERNS_12QueryMessageERNS_5CurOpES1_ + 2204
15 mongod 0x00000001002a84a6 _ZN5mongo16assembleResponseERNS_7MessageERNS_10DbResponseERKNS_11HostAndPortE + 1958
16 mongod 0x0000000100006e34 _ZN5mongo16MyMessageHandler7processERNS_7MessageEPNS_21AbstractMessagingPortEPNS_9LastErrorE + 308
17 mongod 0x0000000100604e41 _ZN5mongo17PortMessageServer17handleIncomingMsgEPv + 1681
18 mongod 0x0000000100669fd5 thread_proxy + 229
19 libsystem_c.dylib 0x00007fff8ea867a2 _pthread_start + 327
2013-12-10T17:47:12.357-0500 [conn5] Unauthorized not authorized on local to execute command { profile: -1 }
...
- is documented by
-
DOCS-9009 clusterMonitor role missing privileges for MMS compatibility
-
- Closed
-