[SERVER-12539] Make sure mongorestoring user/role data doesn't interfere with ongoing user or role modifications Created: 29/Jan/14  Updated: 11/Jul/16  Resolved: 05/Mar/14

Status: Closed
Project: Core Server
Component/s: Security, Sharding, Tools
Affects Version/s: 2.5.5
Fix Version/s: 2.6.0-rc1

Type: Bug Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-12369 Update mongodump and mongorestore to ... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

 Description   

If you use mongorestore to restore user or role data, those updates could conflict with other user or role management operations going on in the cluster.
Mongos uses a distributed lock to prevent user modifications performed on one mongos from conflicting with modifications from another mongos, while mongod uses a mutex. We should acquire the same lock that the user management commands do whenever mongorestore is restoring user/role data to prevent conflicting writes.

Proposed way to do this is to introduce two new commands: lockAuthzUpdateLock and unlockAuthzUpdateLock, and use them in mongorestore.



 Comments   
Comment by Githook User [ 05/Mar/14 ]

Author:

{u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@mongodb.com'}

Message: SERVER-12539 Make mongorestore not interfere with ongoing user or role modifications

This is done by making mongorestore insert the users/roles from the dump files into temporary
collections that are later merged into the real admin.system.users and admin.system.roles
collections using a new command: _mergeAuthzCollections.
Branch: master
https://github.com/mongodb/mongo/commit/5a44d3b3913f27180c04fa072a1db57ad1a09d9d

Comment by Githook User [ 29/Jan/14 ]

Author:

{u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@mongodb.com'}

Message: SERVER-12369 SERVER-11461 Update mongodump and mongorestore to properly handle users and roles in 2.6

There are some known caveats:
(1) It's not safe to run mongorestore while user-management commands are
executing on a live system (SERVER-12539).

(2) To restore 2.4 users to a 2.6 system that has never had any users added, you
must manually insert the version document indicating v1 users into
admin.system.version, which must be done by a highly privileged user, before
beginning the restore (SERVER-12541).
Branch: master
https://github.com/mongodb/mongo/commit/dac6264fb0f0040f7bd8784ed44c33e4a1318d5b

Generated at Thu Feb 08 03:28:48 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.