[SERVER-15372] copyDatabase fails authentication when source db has legacy system.users collection Created: 24/Sep/14  Updated: 03/Nov/14  Resolved: 03/Nov/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.6.4
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Ben Trombley Assignee: Spencer Brody (Inactive)
Resolution: Incomplete Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Steps To Reproduce:

1. Upgrade database with legacy authentication (i.e. system.users collection in the non-admin db)
2. In a second server try to run the db.copyDatabase command with correct authentication/authorization.

Participants:

 Description   

All databases running latest MongoDB 2.6.4 on Ubuntu.

After upgrading from 2.4 -> 2.6 I tried to use the db.copyDatabase() command to copy a remote database from a production server to a test server, but always get an error that I don't have permission on the "system.users" collection. I am not able to drop this legacy collection, even when user has role 'root'.

If I create a brand new database on the remote machine with the same user authorization, I can copy this successfully. I have also tried every permutation of db.copyDatabase and the copyDB command and granted both remote and local users every possible role including root.



 Comments   
Comment by Spencer Brody (Inactive) [ 03/Nov/14 ]

Hi Ben,
I am resolving this ticket as I have not heard from you in some time. If this is still an issue for you and you would like further assistance, feel free to re-open and provide the information I asked for in my previous comment.

Cheers,
-Spencer

Comment by Spencer Brody (Inactive) [ 24/Sep/14 ]

I was not able to reproduce this. Can you please paste the full command you ran in the shell (and its output) as well as the mongod logs from both the target and source mongods?

When talking about copying between 2 servers with access control on, there are 2 users in play. There is the user you authenticate to on the target machine before running the copydb command, and there's also the user provided to the copydb command that is used when the target machine authenticates to the source machine. Can you please confirm that both of these users are ones with the "root" role?

Generated at Thu Feb 08 03:37:50 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.