[SERVER-12369] Update mongodump and mongorestore to properly handle backing up users and roles in 2.6 Created: 15/Jan/14  Updated: 30/Oct/15  Resolved: 29/Jan/14

Status: Closed
Project: Core Server
Component/s: Security, Tools, Usability
Affects Version/s: 2.5.4
Fix Version/s: 2.5.5

Type: Bug Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-12539 Make sure mongorestoring user/role da... Closed
related to SERVER-12541 Mongorestore cannot restore 2.4-schem... Closed
related to SERVER-12491 mongorestore fails to restore 2.4-sty... Closed
is related to SERVER-11461 mongorestore with --drop doesn't drop... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

 Description   

Now that all user data is centralized in the admin database, doing single-db dumps with mongodump no longer properly capture the user definitions for users defined on that database, and mongorestore doesn't know how to properly restore users for a per-db dump either. Plus neither mongodump nor mongorestore know anything about restoring user-defined-role definitions.

New proposal for interface for controlling how users/roles get dumped/restored:

// dumps everything in the server
mongodump -u dan -p xxx
 
// dumps just the database (ignore users)
mongodump -u dan -p xxx -d mydb
 
// dumps database AND users and roles associated with mydb to /dump/admin/system.*  (what should this do against a < 2.6 db?)
mongodump -u dan -p xxx -d mydb --dumpDbUsersAndRoles 
 
// restore everything in the dump dir
mongorestore -u dan -p xxx 
 
// restore the db (ignore users)
mongorestore -u dan -p xxx -d mydb 
 
// restore the db as well as users stored in /dump/admin/system.* which apply to mydb (using normal mongorestore semantics)
mongorestore -u dan -p xxx -d mydb --restoreDbUsersAndRoles 
 
// restore the db as well as users stored in /dump/admin/system.* which apply to mydb (first clear out old users /oles)
mongorestore -u dan -p xxx -d mydb --restoreDbUsersAndRoles --drop



 Comments   
Comment by Githook User [ 30/Jan/14 ]

Author:

{u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@mongodb.com'}

Message: SERVER-12369 Assert that user data properly setup in dumprestore_auth3.js test
Branch: master
https://github.com/mongodb/mongo/commit/7b694b4b38e556af127b67c0b0be7aa08b982822

Comment by Githook User [ 30/Jan/14 ]

Author:

{u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@mongodb.com'}

Message: SERVER-12369 Update test now that backup and restore roles can run getParameter
Branch: master
https://github.com/mongodb/mongo/commit/bb56b28f2171c69ce7d5d334d14823987fe21d7d

Comment by Githook User [ 29/Jan/14 ]

Author:

{u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@mongodb.com'}

Message: SERVER-12369 SERVER-11461 Update mongodump and mongorestore to properly handle users and roles in 2.6

There are some known caveats:
(1) It's not safe to run mongorestore while user-management commands are
executing on a live system (SERVER-12539).

(2) To restore 2.4 users to a 2.6 system that has never had any users added, you
must manually insert the version document indicating v1 users into
admin.system.version, which must be done by a highly privileged user, before
beginning the restore (SERVER-12541).
Branch: master
https://github.com/mongodb/mongo/commit/dac6264fb0f0040f7bd8784ed44c33e4a1318d5b

Generated at Thu Feb 08 03:28:22 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.