Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-9009

mongodump fails when run by a read-only user

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor - P4
    • Resolution: Duplicate
    • Affects Version/s: 2.2.2
    • Fix Version/s: None
    • Component/s: Admin
    • Labels:
    • Environment:
      CentOS 6.3 x86_64
    • Operating System:
      Linux
    • Steps To Reproduce:
      Hide

      Connect to Mongo:
      use admin
      db.addUser("backup","xxxxx",true)
      exit

      1. mongodump --host localhost:27018 -u backup -p xxxxx -o .
        connected to: localhost:27018
        Mon Mar 18 15:03:09 DATABASE: xxxxx to ./xxxxx
        Mon Mar 18 15:03:09 xxxxx.system.users to ./xxxxx/system.users.bson
        assertion: 11010 count fails: { assertion: "unauthorized db:xxxxxx ns:xxxxx.system.users lock type:1 client:127.0.0.1", assertionCode: 10057, errmsg: "db assertion failure", ok: 0.0 }

      Setting the user read-only flag back to "false", and the backup will run successfully.

      Show
      Connect to Mongo: use admin db.addUser("backup","xxxxx",true) exit mongodump --host localhost:27018 -u backup -p xxxxx -o . connected to: localhost:27018 Mon Mar 18 15:03:09 DATABASE: xxxxx to ./xxxxx Mon Mar 18 15:03:09 xxxxx.system.users to ./xxxxx/system.users.bson assertion: 11010 count fails: { assertion: "unauthorized db:xxxxxx ns:xxxxx.system.users lock type:1 client:127.0.0.1", assertionCode: 10057, errmsg: "db assertion failure", ok: 0.0 } Setting the user read-only flag back to "false", and the backup will run successfully.

      Description

      The mongodump command fails when it authenticates with a read-only user.

      This appeared to work in an earlier version, and it would seem to be more secure to not have to use a backup user with write access.

        Attachments

          Issue Links

          duplicates

          Task - A task that needs to be done. TOOLS-134 Mongodump and mongoexport should skip collections they don't have read access to

          • Critical - P2 - Crashes, loss of data, severe memory leak.
          • Closed
          related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-4692 Read-only users should be denied access to system.users collection

          • Critical - P2 - Crashes, loss of data, severe memory leak.
          • Closed

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              matthew.parsons@bskyb.com Matthew Parsons
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: