[SERVER-11362] Unauthorized write operations are only logged with -v
Created: 24/Oct/13  Updated: 10/Dec/14  Resolved: 20/Nov/13

Status: Closed
Project: Core Server
Component/s: Logging, Security, Shell
Affects Version/s: 2.5.4
Fix Version/s: None

Type: Improvement Priority: Minor - P4
Reporter: Tyler Brock Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

By default, when running mongod, only query authorization failures are shown in the log. Those for updates, deletes, inserts, etc. are not shown unless the logging level is increased.

This appears every time an unauthorized query happens with the default logging level:

2013-10-24T14:52:24.637-0400 [conn2] User Assertion: 13:not authorized for query on test.test
2013-10-24T14:52:24.637-0400 [conn2] assertion 13 not authorized for query on test.test ns:test.test query:{ a: 1.0 }
2013-10-24T14:52:24.637-0400 [conn2] query  keyUpdates:0 exception: not authorized for query on test.test code:13  reslen:83 0ms

This does not appear in the log unless logging level is increased with -v:

2013-10-24T14:57:19.007-0400 [conn2] User Assertion: 13:not authorized for update on test.test
2013-10-24T14:57:19.007-0400 [conn2] update test.test keyUpdates:0 exception: not authorized for update on test.test code:13  0ms
2013-10-24T14:57:19.007-0400 [conn2] run command test.$cmd { getlasterror: 1.0, w: 1.0 }

Also, in the shell, the output for a failed query looks different than the output for a failed insert, update, delete, etc.:

> db.test.find({a:1})
error: { "$err" : "not authorized for query on test.test", "code" : 13 }
 
> db.test.update({a:1},{a:2})
not authorized for update on test.test
 
> db.test.remove({a:1})
not authorized to remove from test.test



 Comments   
Comment by Spencer Brody (Inactive) [ 20/Nov/13 ]

After updating to use write commands, unauthorized writes now get logged appropriately.

If you use the old form for writes, those still won't be logged right, but I don't think that can be fixed for authorization failures without logging all kinds of write failures. For reads we do log all read failures, so this may not be that bad, but given that the write commands change makes this moot, I'd rather leave things as they are and avoid the risk of accidentally introducing lots of extra logging.
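
The log lines quoted in the description, run through a small detector as an added example (not part of the ticket and not MongoDB's code): it counts each authorization failure once by matching only the `User Assertion: 13:` line, and shows that a log taken at the default level contains no write failures to alert on. The function names and the split into `DEFAULT_LOG` and `VERBOSE_LOG` are assumptions of this example; the log lines themselves are the ones quoted above.

```python
import re
from collections import Counter
from datetime import datetime

# Match only the "User Assertion" line: the server writes two more lines for
# the same failure, and counting those would inflate every total.
AUTH_FAIL = re.compile(
    r"^(?P<ts>\S+) \[(?P<conn>conn\d+)\] User Assertion: 13:"
    r"not authorized for (?P<op>\w+) on (?P<ns>\S+)$"
)

# Sample input: what the ticket shows at the default logging level.
DEFAULT_LOG = """\
2013-10-24T14:52:24.637-0400 [conn2] User Assertion: 13:not authorized for query on test.test
2013-10-24T14:52:24.637-0400 [conn2] assertion 13 not authorized for query on test.test ns:test.test query:{ a: 1.0 }
2013-10-24T14:52:24.637-0400 [conn2] query  keyUpdates:0 exception: not authorized for query on test.test code:13  reslen:83 0ms
""".splitlines()

# Sample input: the same log with the lines the ticket says need -v.
VERBOSE_LOG = DEFAULT_LOG + """\
2013-10-24T14:57:19.007-0400 [conn2] User Assertion: 13:not authorized for update on test.test
2013-10-24T14:57:19.007-0400 [conn2] update test.test keyUpdates:0 exception: not authorized for update on test.test code:13  0ms
2013-10-24T14:57:19.007-0400 [conn2] run command test.$cmd { getlasterror: 1.0, w: 1.0 }
""".splitlines()


def auth_failures(lines):
    """Return one (timestamp, connection, operation, namespace) per failure."""
    events = []
    for line in lines:
        m = AUTH_FAIL.match(line.rstrip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f%z")
            events.append((ts, m["conn"], m["op"], m["ns"]))
    return events


def summarize(events):
    """Count failures per (connection, operation, namespace)."""
    return Counter((conn, op, ns) for _, conn, op, ns in events)


def write_failures(events):
    """Failures for anything other than a query (update, insert, ...)."""
    return [e for e in events if e[2] != "query"]


if __name__ == "__main__":
    for name, log in (("default", DEFAULT_LOG), ("-v", VERBOSE_LOG)):
        ev = auth_failures(log)
        print(name, dict(summarize(ev)), "write failures:", len(write_failures(ev)))
```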
