[SERVER-10493] Update tools to support backing up and restoring user data properly with new user format 2.6 Created: 12/Aug/13  Updated: 14/May/14  Resolved: 13/Nov/13

Status: Closed
Project: Core Server
Component/s: Security, Tools
Affects Version/s: None
Fix Version/s: 2.5.4

Type: Task Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Andy Schwerin
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-6246 Manipulate user objects exclusively v... Closed
depends on SERVER-9517 New schema for users and roles data Closed
is depended on by DOCS-1924 Document : Update tools to support ba... Closed
Related
related to TOOLS-134 Mongodump and mongoexport should skip... Closed
is related to SERVER-11461 mongorestore with --drop doesn't drop... Closed
is related to SERVER-9514 System-defined roles Closed
Backwards Compatibility: Minor Change
Participants:

 Description   

After the server has been updated to storing user information in the new system.userinfo and system.roleinfo collections (which will forbid direct modification, requiring commands to change any user data), the tools will have to be updated to be able to properly handle backing up and restoring user and role information.

It's still not completely clear how best this should be done - should we create a role that is allowed to do direct modification of system.userinfo and system.roleinfo and require such a role for the backup tools? Or do we need to update mongoimport and mongorestore to be able to use the proper user management commands to restore user information from a dump of system.userinfo and system.roleinfo?



 Comments   
Comment by Andy Schwerin [ 13/Nov/13 ]

I believe this is fixed, in essence, by the introduction of the system backup and restore roles. The notion of backing up and restoring the users and roles associated with an individual database is a little ambiguous, though.

Comment by Spencer Brody (Inactive) [ 30/Oct/13 ]

https://github.com/mongodb/mongo/commit/c63749eda51417e26bee88654845c689701bd919

Comment by Andy Schwerin [ 15/Oct/13 ]

QA as part of UDR/CLAC.

Comment by Andy Schwerin [ 15/Oct/13 ]

I'm pretty sure the correct solution is just to describe (system-defined?) backup and restore roles that can read/write the version, roles and users collections, as appropriate.

Comment by auto [ 06/Sep/13 ]

Author:

{u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@10gen.com'}

Message: SERVER-10493 SERVER-9517 Quick fix to get mongorestore working with new user data format.

This is not a complete fix, more work is needed to make mongodump and mongorestore fully support the
new user schema, this change is just the minimal work to get the tests to pass.
Branch: master
https://github.com/mongodb/mongo/commit/00c0f07bb5f875b24a3db21dc91541dad5dfdcc9

Comment by Spencer Brody (Inactive) [ 04/Sep/13 ]

Also, the tools should probably support dumping/restoring users from before 2.6 as well.

Generated at Thu Feb 08 03:23:18 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.