Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Works as Designed
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Security
Labels:
None

Operating System:
ALL

$ mogno 'mongodb://user:password@localhost:27017/?authSource=admin'
MongoDB shell version v3.6.3
connecting to: mongodb://localhost:27017/?authSource=admin
MongoDB server version: 3.6.3
MongoDB Enterprise 9be5809a-ea19-4dfd-b276-de020c05d333:PRIMARY> use test
switched to db test
MongoDB Enterprise 9be5809a-ea19-4dfd-b276-de020c05d333:PRIMARY> db.runCommand({connectionStatus: 1, showPrivileges: false})
{
	"authInfo" : {
		"authenticatedUsers" : [
			{
				"user" : "user",
				"db" : "admin"
			}
		],
		"authenticatedUserRoles" : [
			{
				"role" : "readWriteAnyDatabase",
				"db" : "admin"
			},
			{
				"role" : "dbAdminAnyDatabase",
				"db" : "admin"
			},
			{
				"role" : "clusterAdmin",
				"db" : "admin"
			},
			{
				"role" : "userAdminAnyDatabase",
				"db" : "admin"
			}
		]
	},
	"ok" : 1,
	"operationTime" : Timestamp(1527724978, 1),
	"$clusterTime" : {
		"clusterTime" : Timestamp(1527724978, 1),
		"signature" : {
			"hash" : BinData(0,"bS8d9oGZjPnm4m82HzJu4fj9YjA="),
			"keyId" : NumberLong("6561523985954111489")
		}
	}
}
MongoDB Enterprise 9be5809a-ea19-4dfd-b276-de020c05d333:PRIMARY> db.runCommand({insert:"system.js", documents:[{_id:"func", value:function(k){return k;}}], bypassDocumentValidation: false})
{
	"n" : 1,
	"opTime" : {
		"ts" : Timestamp(1527724994, 1),
		"t" : NumberLong(2)
	},
	"electionId" : ObjectId("7fffffff0000000000000002"),
	"ok" : 1,
	"operationTime" : Timestamp(1527724994, 1),
	"$clusterTime" : {
		"clusterTime" : Timestamp(1527724994, 1),
		"signature" : {
			"hash" : BinData(0,"or3MniluGCizPnkeVRkbQg/31Bo="),
			"keyId" : NumberLong("6561523985954111489")
		}
	}
}
MongoDB Enterprise 9be5809a-ea19-4dfd-b276-de020c05d333:PRIMARY> db.runCommand({insert:"system.js", documents:[{_id:"func2", value:function(k){return k;}}], bypassDocumentValidation: true})
{
	"operationTime" : Timestamp(1527724994, 1),
	"ok" : 0,
	"errmsg" : "not authorized on test to execute command { insert: \"system.js\", bypassDocumentValidation: true, $clusterTime: { clusterTime: Timestamp(1527724994, 1), signature: { hash: BinData(0, A2BDCC9E296E1828B33E791E55191B420FF7D41A), keyId: 6561523985954111489 } }, $db: \"test\" }",
	"code" : 13,
	"codeName" : "Unauthorized",
	"$clusterTime" : {
		"clusterTime" : Timestamp(1527724994, 1),
		"signature" : {
			"hash" : BinData(0,"or3MniluGCizPnkeVRkbQg/31Bo="),
			"keyId" : NumberLong("6561523985954111489")
		}
	}
}

I'd expect this to work since the user has the bypassDocumentValidation privilege (provided by dbAdminAnyDatabase).

is related to

TOOLS-2030 mongodump does not dump system.js collections

Closed

related to

SERVER-38545 Inconsistency between different roles when inserting to system.js with bypassDocumentValidation=true

Closed

SERVER-5972 Cannot drop system.js collection

Closed

Assignee:: Asya Kamsky

Reporter:: Shane Harvey

Participants:: Asya Kamsky, Gregory McKeon, Kyle Suarez, Shane Harvey, Ted Tuckman

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: May 31 2018 12:07:59 AM UTC

Updated:: Oct 27 2023 01:53:45 PM UTC

Resolved:: Jun 08 2018 06:09:57 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates