[SERVER-15372] copyDatabase fails authentication when source db has legacy system.users collection Created: 24/Sep/14 Updated: 03/Nov/14 Resolved: 03/Nov/14 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.6.4 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Ben Trombley | Assignee: | Spencer Brody (Inactive) |
| Resolution: | Incomplete | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Operating System: | ALL |
| Steps To Reproduce: | 1. Upgrade database with legacy authentication (i.e. system.users collection in the non-admin db) |
| Participants: |
| Description |
|
All databases running latest MongoDB 2.6.4 on Ubuntu. After upgrading from 2.4 -> 2.6 I tried to use the db.copyDatabase() command to copy a remote database from a production server to a test server, but always get an error that I don't have permission on the "system.users" collection. I am not able to drop this legacy collection, even when user has role 'root'. If I create a brand new database on the remote machine with the same user authorization, I can copy this successfully. I have also tried every permutation of db.copyDatabase and the copyDB command and granted both remote and local users every possible role including root. |
| Comments |
| Comment by Spencer Brody (Inactive) [ 03/Nov/14 ] |
|
Hi Ben, Cheers, |
| Comment by Spencer Brody (Inactive) [ 24/Sep/14 ] |
|
I was not able to reproduce this. Can you please paste the full command you ran in the shell (and its output) as well as the mongod logs from both the target and source mongods? When talking about copying between 2 servers with access control on, there are 2 users in play. There is the user you authenticate to on the target machine before running the copydb command, and there's also the user provided to the copydb command that is used when the target machine authenticates to the source machine. Can you please confirm that both of these users are ones with the "root" role? |