[SERVER-11098] authorization error when running convertToCapped command with dbAdmin role
Created: 09/Oct/13  Updated: 11/Jul/16  Resolved: 28/Oct/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.5.3
Fix Version/s: 2.5.4

Type: Bug
Priority: Minor - P4
Reporter: David Storch
Assignee: Spencer Brody (Inactive)
Resolution: Done
Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-9233 Add jstests for role-based access con... Closed
Operating System: ALL
Steps To Reproduce:

> use test
switched to db test
> db.x.save( {} )
> db.addUser({user: "x", pwd: "x", roles: ["dbAdmin"]})
{
	"user" : "x",
	"pwd" : "16f0d7830e94ddd4d04d1a7262e7677c",
	"roles" : [
		"dbAdmin"
	],
	"_id" : ObjectId("525574d2ae46ef9ada6138ad")
}
> db.auth("x", "x")
1
> db.runCommand({convertToCapped: "x", size: 1000})
{
	"ok" : 0,
	"errmsg" : "cloneCollectionAsCapped failed: { ok: 0.0, errmsg: \"not authorized
on roles_commands_2 to execute command { cloneCollectionAsCapped: \"x\",
toCollection: \"tmp.convertToCapped.x\", size: 1000....\", code: 13 }"
}

 Description   

Expected: A user with the dbAdmin role should be authorized to run the convertToCapped command.

Actual: convertToCapped invokes cloneCollectionAsCapped, which raises the auth error below.

{
	"ok" : 0,
	"errmsg" : "cloneCollectionAsCapped failed: { ok: 0.0, errmsg: \"not authorized
on roles_commands_2 to execute command { cloneCollectionAsCapped: \"toCapped\",
toCollection: \"tmp.convertToCapped.toCapped\", size: 1000....\", code: 13 }"
}

This is a regression from v2.4.6.



 Comments   
Comment by Spencer Brody (Inactive) [ 28/Oct/13 ]

Fixed by https://github.com/mongodb/mongo/commit/2b16aca77cbd4486d780e21636b7043733e12765
