[SERVER-18415] Dropping admin user doesn't reenable localhost exception Created: 11/May/15  Updated: 12/Sep/17  Resolved: 11/May/15

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: A. Jesse Jiryu Davis Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by SERVER-31045 createUser fails after dropping all u... Closed
Related
related to SERVER-12235 Don't require a database read on ever... Closed
Operating System: ALL
Steps To Reproduce:

On Mac OS 10.9:

$ mongo admin
MongoDB shell version: 3.1.3-pre-
connecting to: admin
> db.serverBuildInfo().gitVersion
9f0ceef0b37df2525cdebb172e6b05e2db8a2b20
> db.createUser({user: 'admin', pwd: 'pass', roles: [{role: 'root', db: 'admin'}]})
Successfully added user: {
	"user" : "admin",
	"roles" : [
		{
			"role" : "root",
			"db" : "admin"
		}
	]
}
> db.auth('admin', 'pass')
1
> db.dropUser('admin')
true
> db.createUser({user: 'admin', pwd: 'pass', roles: [{role: 'root', db: 'admin'}]})
2015-05-11T13:25:46.023-0400 E QUERY    Error: couldn't add user: not authorized on admin to execute command { createUser: "admin", pwd: "xxx", roles: [ { role: "root", db: "admin" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 30000.0 } }
    at Error (<anonymous>)
    at DB.createUser (src/mongo/shell/db.js:1178:11)
    at (shell):1:4 at src/mongo/shell/db.js:1178

Reconnecting does no good:

$ mongo admin
MongoDB shell version: 3.1.3-pre-
connecting to: admin
> db.createUser({user: 'admin', pwd: 'pass', roles: [{role: 'root', db: 'admin'}]})
2015-05-11T13:25:51.376-0400 E QUERY    Error: couldn't add user: not authorized on admin to execute command { createUser: "admin", pwd: "xxx", roles: [ { role: "root", db: "admin" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 30000.0 } }
    at Error (<anonymous>)
    at DB.createUser (src/mongo/shell/db.js:1178:11)
    at (shell):1:4 at src/mongo/shell/db.js:1178

Participants:

 Description   

It used to be that dropping all users restored the server to its original state, where commands like createUser could be executed over the localhost connection without auth. No longer.



 Comments   
Comment by Amalia Hawkins [ 11/May/15 ]

This is a side effect of the work done for SERVER-12235, where we changed behavior in 3.0 and 3.1 such that you would indeed need to restart the server to reenable the localhost exception.

Comment by A. Jesse Jiryu Davis [ 11/May/15 ]

Works as designed, driver tests just need to be rewritten.

Generated at Thu Feb 08 03:47:36 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.