  1. Core Server
  2. SERVER-12062

"userAdmin" and "userAdminAnyDatabase" are not enough to create users in "any database"


Details

    • Bug
    • Resolution: Done
    • Major - P3
    • None
    • 2.4.6
    • Security
    • None
    • Mac OSX 10.9
    • OS X
    • Steps to reproduce:

      $ mongo mono -u admin_all -p 1234
      MongoDB shell version: 2.4.6
      connecting to: mono
      > db.system.users.find()
      { "_id" : ObjectId("52a9831de41eb640bb0f5f64"), "user" : "admin_all", "pwd" : "a6316ed4886c10663cce46bc216ea375", "roles" : [ "userAdmin", "userAdminAnyDatabase" ] }
      { "_id" : ObjectId("52a98404ef1f9bc934b62e11"), "user" : "admin_one", "pwd" : "884f516cf308a4c6a75bbc5a0a00807b", "roles" : [ "userAdmin" ] }
      { "_id" : ObjectId("52a98415ef1f9bc934b62e12"), "user" : "admin_any", "pwd" : "1616611df9b47c58b607054d384cab99", "roles" : [ "userAdminAnyDatabase" ] }
      > use another
      switched to db another
      > db.addUser({ user: "user", pwd: "1234", roles: ["read"] })
      {
          "user" : "user",
          "pwd" : "461d4f349d8d4ec3d22a4c945010c330",
          "roles" : [
              "read"
          ],
          "_id" : ObjectId("52a985372fcdbfd033003a7e")
      }
      Thu Dec 12 10:43:19.091 couldn't add user: not authorized for insert on another.system.users at src/mongo/shell/db.js:128
      >


    Description

      Having a db superuser with "userAdmin" and "userAdminAnyDatabase" is not enough to create users in other databases.

      In the steps to reproduce you have my example.


          People

            Unassigned
            gabipetrovay Gabriel Petrovay