Details
Description
After SERVER-28260, a cursor created with an 'lsid' cannot be killed without passing the same lsid:
$ cat killCursorsBug.js
|
db.test.insertOne({});
|
var res = db.runCommand({find: "test", batchSize: 0, lsid: {id: BinData(4, "QlLfPHTySm6tqfuV+EOsVA==")}});
|
res = db.runCommand({killCursors: "test", cursors: [res.cursor.id]});
|
printjson(res);
|
$ mongo 'mongodb://user:password@localhost:27017' killCursorsBug.js
|
MongoDB shell version v3.4.10
|
connecting to: mongodb://user:password@localhost:27017
|
MongoDB server version: 3.7.0-180-g09d3d18
|
WARNING: shell and server versions do not match
|
{
|
"operationTime" : Timestamp(1512435604, 1),
|
"ok" : 0,
|
"errmsg" : "not authorized on test to execute command { killCursors: \"test\", cursors: [ 78117941810 ], $db: \"test\" }",
|
"code" : 13,
|
"codeName" : "Unauthorized"
|
}
|
killCursors should succeed when run with a different session or even no session at all.
Attachments
Issue Links
- is caused by
-
SERVER-28260 Create a killAnyCursor privilege
-
- Closed
-
- is related to
-
DRIVERS-430 Test that killCursors really succeeds
-
- Implementing
-