[SERVER-14212] mongorestore may drop system users and roles
Created: 09/Jun/14  Updated: 11/Mar/15  Resolved: 18/Jul/14

Status: Closed
Project: Core Server
Component/s: Tools
Affects Version/s: 2.6.2
Fix Version/s: 2.6.4, 2.7.4

Type: Bug
Priority: Major - P3
Reporter: Jonathan Abrahams
Assignee: Spencer Brody (Inactive)
Resolution: Done
Votes: 0
Labels: 28qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Minor Change
Operating System: ALL
Steps To Reproduce:

function runTool(toolName, mongod, shutdownServer, options) {
    if (shutdownServer) {
        MongoRunner.stopMongod(mongod);
        var opts = {dbpath: mongod.fullOptions.pathOpts.dbpath};
        Object.extend(opts, options);
        assert(!MongoRunner.runMongoTool(toolName, opts));
        mongod.fullOptions.restart = true;
        return MongoRunner.runMongod(mongod.fullOptions);
    } else {
        var opts = {host: mongod.host};
        Object.extend(opts, options);
        assert(!MongoRunner.runMongoTool(toolName, opts));
        return mongod;
    }
}
 
 
var shutdownServer = true;
var mongod = MongoRunner.runMongod();
var admindb = mongod.getDB("admin");
var db = mongod.getDB("foo");
 
// Create user & role in admin & foo
admindb.createUser({user: 'root', pwd: 'pass', roles: ['root']});
admindb.createRole({role: 'adminrole', roles: [], privileges:[]});
db.createUser({user: 'user', pwd: 'pass', roles: jsTest.basicUserRoles});
db.createRole({role: 'role', roles: [], privileges:[]});
 
admindb.system.users.find().forEach( function(myDoc) {print( "user: "+myDoc._id);});
admindb.system.roles.find().forEach( function(myDoc) {print( "role: "+myDoc._id);});
 
var dumpDir = MongoRunner.getAndPrepareDumpDirectory("restoreTest");
 
// Dump foo database *with* user data
mongod = runTool("mongodump", mongod, shutdownServer, {out: dumpDir, db: "foo", dumpDbUsersAndRoles: ""});
print("After mongodump");
 
// Drop users and create others
db = mongod.getDB('foo');
db.dropUser('user');
db.createUser({user: 'user2', pwd: 'password2', roles: jsTest.basicUserRoles});
db.dropRole('role');
db.createRole({role: 'role2', roles: [], privileges:[]});
print("After creating temp users");
 
// Restore without --drop to override the changes to user data
mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "foo/", db: 'foo'});
db = mongod.getDB('foo');
admindb = mongod.getDB("admin");
print("After mongorestore without drop");
 
admindb.system.users.find().forEach( function(myDoc) {print( "user: "+myDoc._id);});
admindb.system.roles.find().forEach( function(myDoc) {print( "role: "+myDoc._id);});
 
// Restore without --drop but with --restoreDbUsersAndRoles
mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "foo/", db: 'foo',
                                                          restoreDbUsersAndRoles: ""});
db = mongod.getDB('foo');
admindb = mongod.getDB("admin");
print("After mongorestore without drop & restoreDbUsersAndRoles");
 
admindb.system.users.find().forEach( function(myDoc) {print( "user: "+myDoc._id);});
admindb.system.roles.find().forEach( function(myDoc) {print( "role: "+myDoc._id);});
 
// Restore with --drop to override the changes to user data
mongod = runTool("mongorestore", mongod, shutdownServer, {dir: dumpDir + "foo/", db: 'foo',
                                                          drop: "", restoreDbUsersAndRoles: ""});
db = mongod.getDB('foo');
admindb = mongod.getDB("admin");
print("After mongorestore with drop");
 
admindb.system.users.find().forEach( function(myDoc) {print( "user: "+myDoc._id);});
admindb.system.roles.find().forEach( function(myDoc) {print( "role: "+myDoc._id);});
 
MongoRunner.stopMongod(mongod);


 Description   
Issue Status as of Jul 22, 2014

ISSUE SUMMARY
When mongorestore is used with all the following options:

  • --db
  • --drop
  • --restoreDbUsersAndRoles

it incorrectly drops all users and roles in the system, instead of just the users and roles for the database being restored, then restores the users and roles from the dump for the database that is being restored.

USER IMPACT
Users lose all system users and roles, and may need to re-create the admin user and restore other system users and roles.

WORKAROUNDS
N/A

AFFECTED VERSIONS
MongoDB 2.6 production releases up to 2.6.3 are affected by this issue.

FIX VERSION
The fix is included in the 2.6.4 production release.

RESOLUTION DETAILS
When restoring users and roles for a single db with --drop, don't drop users/roles from other databases.

Original description

mongorestore, when specified with the --db & --drop options, drops the admin users & roles. If it is not specified, admin users & roles remain.
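
The difference between the reported behaviour and the fixed behaviour, together with a before/after audit an operator can apply around a restore, as an added example (not MongoDB source code and not part of the original issue). The function names are hypothetical and the documents are constructed, shaped like 2.6 admin.system.users entries with an _id of "<db>.<name>" and a db field; the same check applies to admin.system.roles.

```javascript
// Added example, not MongoDB source. Documents are constructed and shaped like
// 2.6 admin.system.users entries: {_id: "<db>.<name>", db: "<db>"}.

// Behaviour reported in SERVER-14212: every document is dropped, then only the
// dump's documents for the restored database come back.
function restoreDropAll(current, dumped, targetDb) {
  return dumped.filter((doc) => doc.db === targetDb);
}

// Behaviour after the fix: only the restored database's documents are replaced.
function restoreDropScoped(current, dumped, targetDb) {
  const untouched = current.filter((doc) => doc.db !== targetDb);
  return untouched.concat(dumped.filter((doc) => doc.db === targetDb));
}

// Audit check: ids present before the restore, owned by a database other than
// the restored one, and missing afterwards. Any hit means collateral loss.
function lostOutsideTarget(before, after, targetDb) {
  const remaining = new Set(after.map((doc) => doc._id));
  return before
    .filter((doc) => doc.db !== targetDb && !remaining.has(doc._id))
    .map((doc) => doc._id)
    .sort();
}

// Constructed state mirroring the reproduction script just before the
// restore with --drop: admin.root exists, foo.user was replaced by foo.user2.
const usersBefore = [
  { _id: "admin.root", db: "admin" },
  { _id: "foo.user2", db: "foo" },
];
// Constructed dump contents: the foo database's user at dump time.
const usersInDump = [{ _id: "foo.user", db: "foo" }];

function demo() {
  const buggy = restoreDropAll(usersBefore, usersInDump, "foo");
  const fixed = restoreDropScoped(usersBefore, usersInDump, "foo");
  return {
    lostWithBug: lostOutsideTarget(usersBefore, buggy, "foo"),
    lostWithFix: lostOutsideTarget(usersBefore, fixed, "foo"),
    fixedIds: fixed.map((doc) => doc._id),
  };
}

console.log(demo());
```

Losing foo.user2 is expected with --drop because it belongs to the restored database; the audit only reports principals owned by other databases.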



 Comments   
Comment by Githook User [ 22/Jul/14 ]

Author: Spencer T Brody (stbrody, spencer@mongodb.com)

Message: SERVER-14212 Fix test of _mergeAuthzCollections command by adding missing "db" field

(cherry picked from commit e1d0d5cb71ed1788fc9085cf19e7b0470c4c66d5)
Branch: v2.6
https://github.com/mongodb/mongo/commit/4c4c600896004041f161de97d497114ca16c736e

Comment by Githook User [ 21/Jul/14 ]

Author: Spencer T Brody (stbrody, spencer@mongodb.com)

Message: SERVER-14212 When restoring users and roles for a single db with --drop, don't drop users/roles from other databases
(cherry picked from commit 7dbc49a56d010ceaf6d9b57f373863763fe10280)
Branch: v2.6
https://github.com/mongodb/mongo/commit/7b2f7c76ca239ea0d6865b34c77700a622148f01

Comment by Githook User [ 18/Jul/14 ]

Author: Spencer T Brody (stbrody, spencer@mongodb.com)

Message: SERVER-14212 Fix test of _mergeAuthzCollections command by adding missing "db" field
Branch: master
https://github.com/mongodb/mongo/commit/e1d0d5cb71ed1788fc9085cf19e7b0470c4c66d5

Comment by Githook User [ 18/Jul/14 ]

Author: Spencer T Brody (stbrody, spencer@mongodb.com)

Message: SERVER-14212 When restoring users and roles for a single db with --drop, don't drop users/roles from other databases
Branch: master
https://github.com/mongodb/mongo/commit/7dbc49a56d010ceaf6d9b57f373863763fe10280
