Core Server / SERVER-12062

"userAdmin" and "userAdminAnyDatabase" are not enough to create users in "any database"

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • None
    • Affects Version/s: 2.4.6
    • Component/s: Security
    • Labels: None
    • Environment: Mac OSX 10.9
    • OS X

      $ mongo mono -u admin_all -p 1234
      MongoDB shell version: 2.4.6
      connecting to: mono
      > db.system.users.find()
      { "_id" : ObjectId("52a9831de41eb640bb0f5f64"), "user" : "admin_all", "pwd" : "a6316ed4886c10663cce46bc216ea375", "roles" : [ "userAdmin", "userAdminAnyDatabase" ] }
      { "_id" : ObjectId("52a98404ef1f9bc934b62e11"), "user" : "admin_one", "pwd" : "884f516cf308a4c6a75bbc5a0a00807b", "roles" : [ "userAdmin" ] }
      { "_id" : ObjectId("52a98415ef1f9bc934b62e12"), "user" : "admin_any", "pwd" : "1616611df9b47c58b607054d384cab99", "roles" : [ "userAdminAnyDatabase" ] }
      > use another
      switched to db another
      > db.addUser({ user: "user", pwd: "1234", roles: ["read"] })
      {
              "user" : "user",
              "pwd" : "461d4f349d8d4ec3d22a4c945010c330",
              "roles" : [
                      "read"
              ],
              "_id" : ObjectId("52a985372fcdbfd033003a7e")
      }
      Thu Dec 12 10:43:19.091 couldn't add user: not authorized for insert on another.system.users at src/mongo/shell/db.js:128
      >


      Having a db superuser with "userAdmin" and "userAdminAnyDatabase" is not enough to create users in other databases.

      In the steps to reproduce you have my example.
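
      Added example, not part of the original report and not MongoDB's own code: per the MongoDB 2.4 manual, the "any database" roles take effect only when granted in the admin database, and a plain userAdmin covers only the database that holds the user document. The sketch below models that scoping over constructed system.users documents to flag grants that have no effect; the role lists mirror the report, while root_admin and all function names are hypothetical.

```javascript
// Added example: models MongoDB 2.4 role scoping. Not MongoDB source code.
const ANY_DB_ROLES = new Set([
  "readAnyDatabase", "readWriteAnyDatabase",
  "userAdminAnyDatabase", "dbAdminAnyDatabase",
]);

// Roles that actually take effect for a document stored in <homeDb>.system.users.
function effectiveRoles(homeDb, userDoc) {
  return userDoc.roles.filter((r) => !ANY_DB_ROLES.has(r) || homeDb === "admin");
}

// May this user insert into <targetDb>.system.users, i.e. create users there?
function canCreateUsersIn(homeDb, userDoc, targetDb) {
  const roles = effectiveRoles(homeDb, userDoc);
  if (roles.includes("userAdminAnyDatabase")) return true;
  return roles.includes("userAdmin") && homeDb === targetDb;
}

// Report any-database roles granted outside admin, where they do nothing.
function auditIneffectiveRoles(usersByDb) {
  const findings = [];
  for (const [db, users] of Object.entries(usersByDb)) {
    for (const u of users) {
      const dead = u.roles.filter((r) => ANY_DB_ROLES.has(r) && db !== "admin");
      if (dead.length) findings.push({ db, user: u.user, ineffective: dead });
    }
  }
  return findings;
}

// Constructed sample: database name -> contents of its system.users collection.
const usersByDb = {
  mono: [
    { user: "admin_all", roles: ["userAdmin", "userAdminAnyDatabase"] },
    { user: "admin_one", roles: ["userAdmin"] },
    { user: "admin_any", roles: ["userAdminAnyDatabase"] },
  ],
  // Hypothetical user, added to show the grant placed where it takes effect.
  admin: [{ user: "root_admin", roles: ["userAdminAnyDatabase"] }],
};

console.log(auditIneffectiveRoles(usersByDb));
console.log("admin_all -> another:",
  canCreateUsersIn("mono", usersByDb.mono[0], "another"));
console.log("root_admin -> another:",
  canCreateUsersIn("admin", usersByDb.admin[0], "another"));
```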

            Assignee: Unassigned
            Reporter: Gabriel Petrovay (gabipetrovay)
            Votes: 0
            Watchers: 3