[SERVER-10493] Update tools to support backing up and restoring user data properly with new user format 2.6 Created: 12/Aug/13 Updated: 14/May/14 Resolved: 13/Nov/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security, Tools |
| Affects Version/s: | None |
| Fix Version/s: | 2.5.4 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Brody (Inactive) | Assignee: | Andy Schwerin |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||
| Backwards Compatibility: | Minor Change | ||||||||||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||||||||||
| Description |
|
After the server has been updated to storing user information in the new system.userinfo and system.roleinfo collections (which will forbid direct modification, requiring commands to change any user data), the tools will have to be updated to be able to properly handle backing up and restoring user and role information. It's still not completely clear how best this should be done - should we create a role that is allowed to do direct modification of system.userinfo and system.roleinfo and require such a role for the backup tools? Or do we need to update mongoimport and mongorestore to be able to use the proper user management commands to restore user information from a dump of system.userinfo and system.roleinfo? |
| Comments |
| Comment by Andy Schwerin [ 13/Nov/13 ] |
|
I believe this is fixed, in essence, by the introduction of the system backup and restore roles. The notion of backing up and restoring the users and roles associated with an individual database is a little ambiguous, though. |
| Comment by Spencer Brody (Inactive) [ 30/Oct/13 ] |
|
https://github.com/mongodb/mongo/commit/c63749eda51417e26bee88654845c689701bd919 |
| Comment by Andy Schwerin [ 15/Oct/13 ] |
|
QA as part of UDR/CLAC. |
| Comment by Andy Schwerin [ 15/Oct/13 ] |
|
I'm pretty sure the correct solution is just to describe (system-defined?) backup and restore roles that can read/write the version, roles and users collections, as appropriate. |
| Comment by auto [ 06/Sep/13 ] |
|
Author: {u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@10gen.com'}Message: This is not a complete fix, more work is needed to make mongodump and mongorestore fully support the |
| Comment by Spencer Brody (Inactive) [ 04/Sep/13 ] |
|
Also, the tools should probably support dumping/restoring users from before 2.6 as well. |