Description
This is an extension of SERVER-13727. Unfortunately, that ticket did not specify that this privilege is necessary for all collections, including the system collections
Here's what my user looks like:
backup_test:PRIMARY> db.system.users.find({user:'mms-backup-agent'}).pretty()
|
{
|
"_id" : "admin.mms-backup-agent",
|
"user" : "mms-backup-agent",
|
"db" : "admin",
|
"credentials" : {
|
"MONGODB-CR" : "6187ca3816a65edef454cc6de1e05fb7"
|
},
|
"roles" : [
|
{
|
"role" : "backup",
|
"db" : "admin"
|
}
|
]
|
}
|
and here's what happens when I try to perform collstats on system.users:
backup_test:PRIMARY> db.auth('mms-backup-agent','10gen')
|
1
|
backup_test:PRIMARY> db.runCommand({ collstats: "system.users" });
|
{
|
"ok" : 0,
|
"errmsg" : "not authorized on admin to execute command { collstats: \"system.users\" }",
|
"code" : 13
|
}
|
backup_test:PRIMARY>
|
backup_test:PRIMARY> use food
|
switched to db food
|
backup_test:PRIMARY> db.runCommand({ collstats: "desert" });
|
{
|
"ns" : "food.desert",
|
"count" : 1,
|
"size" : 48,
|
"avgObjSize" : 48,
|
"storageSize" : 8192,
|
"numExtents" : 1,
|
"nindexes" : 1,
|
"lastExtentSize" : 8192,
|
"paddingFactor" : 1,
|
"systemFlags" : 1,
|
"userFlags" : 1,
|
"totalIndexSize" : 8176,
|
"indexSizes" : {
|
"_id_" : 8176
|
},
|
"ok" : 1
|
}
|
Notice that I can perform collstats on a regular collection like food.desert.
I think the problem is here. I'm guessing that system.users is not a "normal resource".
Attachments
Issue Links
- is related to
-
SERVER-13727 The "backup" auth role should allow running the "collstats" command
-
- Closed
-