[SERVER-11018] Auth behavior of mergeChunks command is inconsistent with splitChunk Created: 03/Oct/13  Updated: 11/Jul/16  Resolved: 03/Oct/13

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 2.5.3

Type: Bug Priority: Minor - P4
Reporter: David Storch Assignee: Greg Studer
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Operating System: ALL
Steps To Reproduce:

1) run mongod with --auth
2) use admin
3) db.addUser({user: "x", pwd: "x", roles: ["clusterAdmin"]})
4) db.auth("x", "x")
5) use test
6) db.runCommand({splitChunk: "x"}) and receive expected auth error
{
	"ok" : 0,
	"errmsg" : "splitChunk may only be run against the admin database.",
	"code" : 13
}
7) db.runCommand({mergeChunks: "x", bounds: [{i: 1}, {i: 5}]}), and get a different error, other than auth:
{
	"ok" : 0,
	"errmsg" : "sharding state must be enabled or config server specified to merge chunks"
}

This exposes the problem, because the auth error checking happens before checking that sharding is enabled.

 Description   

Both the mergeChunks command and the splitChunk command require the clusterAdmin role.

When logged in as a user with the clusterAdmin role, splitChunk can only be run on the admin database. MergeChunks, however, can be run on any database. In order to be consistent, mergeChunks should return a "not authorized" error when run on any database other than admin.



 Comments   
Comment by auto [ 03/Oct/13 ]

Author: Greg Studer (gregstuder) <greg@10gen.com>

Message: SERVER-11018 require mergeChunk be run on admin database
Branch: master
https://github.com/mongodb/mongo/commit/b2b5a13324bc0ec61121ca983862acb3160fdf88

Comment by Greg Studer [ 03/Oct/13 ]

The issue is that the mergeChunks command needs to implement the "adminOnly" virtual method.
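
Added example, not code from the MongoDB source or from the commit linked above: a simplified C++ model of why a missing "adminOnly" override lets mergeChunks reach its body on the test database, while the override yields the same code 13 reply that splitChunk gives. The Command, Reply and dispatch names, the order of checks in dispatch and the "not authorized" message are assumptions; only adminOnly and the quoted error strings come from this ticket.

```cpp
#include <iostream>
#include <string>
#include <utility>

// Simplified model of command dispatch. All names except adminOnly() and the
// error strings quoted in the ticket are hypothetical, not MongoDB source.
struct Reply { int ok; int code; std::string errmsg; };  // code 0 = no code field

struct Command {
    std::string name;
    explicit Command(std::string n) : name(std::move(n)) {}
    virtual ~Command() = default;
    // Commands are not restricted to the admin database unless they opt in.
    virtual bool adminOnly() const { return false; }
    virtual Reply run(const std::string& db) = 0;
};

// Assumed ordering: the database gate and role check run before the body.
Reply dispatch(Command& cmd, const std::string& db, bool hasClusterAdmin) {
    if (cmd.adminOnly() && db != "admin")
        return {0, 13, cmd.name + " may only be run against the admin database."};
    if (!hasClusterAdmin)
        return {0, 13, "not authorized"};  // constructed message
    return cmd.run(db);
}

// Before the fix: no adminOnly() override, so the body runs on any database
// and the caller sees a sharding-state error instead of an auth error.
struct MergeChunksBefore : Command {
    MergeChunksBefore() : Command("mergeChunks") {}
    Reply run(const std::string&) override {
        return {0, 0, "sharding state must be enabled or config server "
                      "specified to merge chunks"};
    }
};

// After the fix: identical body, but the command opts in to the gate.
struct MergeChunksAfter : MergeChunksBefore {
    bool adminOnly() const override { return true; }
};

int main() {
    MergeChunksBefore before;
    MergeChunksAfter after;
    const std::string dbs[] = {"test", "admin"};
    for (const std::string& db : dbs)
        std::cout << db << ": before code=" << dispatch(before, db, true).code
                  << ", after code=" << dispatch(after, db, true).code << "\n";
}
```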
