Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-14994

Cannot drop system.* collections not in admin db

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • None
    • Usability
    • None
    • Server Security
    • ALL
    • Platforms 2017-01-23
    • 0

    Description

      It appears that in 2.6, while making the system.* collections harder to work directly with things seem to have gotten perhaps a bit too overzealous.

      In particular, should someone have a collection names system.users in a database other than admin, it is effectively useless, yet a source of great confusion to some.

      From https://github.com/mongodb/mongo/blame/562c8cb3faff5e9fc0acdc45db8dc2d498eb2000/src/mongo/db/catalog/database.cpp#L342 it would make sense for s.isSystem() to check if it's in the admin database or not.

      Repro:

      • make a table called system.users in any database but admin.
      • attempt to delete it.
      • fail
      • give yourself __system role.
      • still fail.

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            rod.adams@mongodb.com Rod Adams
            Votes:
            8 Vote for this issue
            Watchers:
            13 Start watching this issue

            Dates

              Created:
              Updated: