[SERVER-9009] mongodump fails when run by a read-only user - MongoDB

XML

Word

Printable

Operating System:
Linux
Steps To Reproduce:
Hide

Connect to Mongo:
use admin
db.addUser("backup","xxxxx",true)
exit

mongodump --host localhost:27018 -u backup -p xxxxx -o .
connected to: localhost:27018
Mon Mar 18 15:03:09 DATABASE: xxxxx to ./xxxxx
Mon Mar 18 15:03:09 xxxxx.system.users to ./xxxxx/system.users.bson
assertion: 11010 count fails: { assertion: "unauthorized db:xxxxxx ns:xxxxx.system.users lock type:1 client:127.0.0.1", assertionCode: 10057, errmsg: "db assertion failure", ok: 0.0 }

Setting the user read-only flag back to "false", and the backup will run successfully.
Show
Connect to Mongo: use admin db.addUser("backup","xxxxx",true) exit mongodump --host localhost:27018 -u backup -p xxxxx -o . connected to: localhost:27018 Mon Mar 18 15:03:09 DATABASE: xxxxx to ./xxxxx Mon Mar 18 15:03:09 xxxxx.system.users to ./xxxxx/system.users.bson assertion: 11010 count fails: { assertion: "unauthorized db:xxxxxx ns:xxxxx.system.users lock type:1 client:127.0.0.1", assertionCode: 10057, errmsg: "db assertion failure", ok: 0.0 } Setting the user read-only flag back to "false", and the backup will run successfully.

The mongodump command fails when it authenticates with a read-only user.

This appeared to work in an earlier version, and it would seem to be more secure to not have to use a backup user with write access.

duplicates

TOOLS-134 Mongodump and mongoexport should skip collections they don't have read access to

related to

SERVER-4692 Read-only users should be denied access to system.users collection