[SERVER-3345] Read only user - able to create and update collection using map reduce Created: 28/Jun/11  Updated: 12/Jul/16  Resolved: 25/Oct/11

Status: Closed
Project: Core Server
Component/s: MapReduce
Affects Version/s: 1.8.1
Fix Version/s: 2.1.0

Type: Bug Priority: Major - P3
Reporter: ganesan pandurangan Assignee: Tony Hannan
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

mac os x


Issue Links:
Related
Operating System: ALL
Participants:

 Description   

Hi-

I am able to update a collection created by a read write user using a read only user by invoking map reduce.

Following is the test scenario.

Wed Jun 29 00:36:08 [initandlisten] git version: a429cd4f535b2499cc4130b06ff7c26f41c00f04

===read write user created an out collection in m/r ===

MongoDB shell version: 1.8.1
connecting to: test
> use gp
switched to db gp
> db.auth("gp","gp");
1
> show collections
myColl
mytest
system.indexes
system.profile
system.users
> db.myColl.find();
{ "_id" : 1, "value" :

{ "count" : 2 }

}
> m
Wed Jun 29 02:14:43 ReferenceError: m is not defined (shell):1
> db.myColl.drop();
true
> m=function () {
... emit(this.x,

{count:1}

);
... }
function () {
emit(this.x,

{count:1}

);
}
> r=function (key, values) {
... var total = 0;
... for (var i = 0; i < values.length; i++)

{ ... total += values[i].count; ... }
... return {count:total};
... }
function (key, values) {
var total = 0;
for (var i = 0; i < values.length; i++) { total += values[i].count; }
return {count:total};
}
> res=db.mytest.mapReduce(m,r,{out:{reduce:"myColl"}});
{
"result" : "myColl",
"timeMillis" : 43,
"counts" : { "input" : 1, "emit" : 1, "output" : 1 },
"ok" : 1,
}

=======
Read only user able to update the collection using map reduce.
MongoDB shell version: 1.8.1
connecting to: test
> use gp
switched to db gp
> db.auth("gpr","gpr");
1
> m=function () {
... emit(this.x, {count:1});
... }
function () {
emit(this.x, {count:1});
}
> function (key, values) {
... var total = 0;
... for (var i = 0; i < values.length; i++) {... total += values[i].count;... }

... return

{count:total}

;
... }
function (key, values) {
var total = 0;
for (var i = 0; i < values.length; i++)

{ total += values[i].count; }
return {count:total};
}
> res=db.mytest.mapReduce(m,r,{out:{reduce:"myColl"}});
Wed Jun 29 02:18:21 ReferenceError: r is not defined (shell):1
> r=function (key, values) {
... var total = 0;
... for (var i = 0; i < values.length; i++) { ... total += values[i].count; ... }
... return {count:total};
... }
function (key, values) {
var total = 0;
for (var i = 0; i < values.length; i++) { total += values[i].count; }

return

{count:total}

;
}
> res=db.mytest.mapReduce(m,r,{out:{reduce:"myColl"}});
{
"result" : "myColl",
"timeMillis" : 42,
"counts" :

{ "input" : 1, "emit" : 1, "output" : 1 }

,
"ok" : 1,
}
> db.myColl.find();
{ "_id" : 1, "value" :

{ "count" : 2 }

}
>
> res=db.mytest.mapReduce(m,r,{out:{reduce:"myColl"}});
{
"result" : "myColl",
"timeMillis" : 15,
"counts" :

{ "input" : 1, "emit" : 1, "output" : 1 }

,
"ok" : 1,
}
> db.myColl.find();
{ "_id" : 1, "value" :

{ "count" : 3 }

}
>
=====

> db.system.users.find();

{ "_id" : ObjectId("4e0a2530e1c6ac893f943018"), "user" : "gpr", "readOnly" : true, "pwd" : "6653a4201479409166809ecdd8abaadf" } { "_id" : ObjectId("4e0a2560e1c6ac893f943019"), "user" : "gp", "readOnly" : false, "pwd" : "2e42611f30c3155c7f8de180b0e855ee" }

>



 Comments   
Comment by auto [ 25/Oct/11 ]

Author:

{u'login': u'TonyGen', u'name': u'Tony Hannan', u'email': u'tony@10gen.com'}

Message: SERVER-3345: Return nice error message when user not authorized to output map-reduce to collection
Branch: master
https://github.com/mongodb/mongo/commit/1f7b6cd5383ff472d522ac6df8540f04c80817cd

Comment by auto [ 25/Oct/11 ]

Author:

{u'login': u'TonyGen', u'name': u'Tony Hannan', u'email': u'tony@10gen.com'}

Message: SERVER-3345: Read-only user when --auth enable can only do inline mapReduce because other modes write to an output collection
Branch: master
https://github.com/mongodb/mongo/commit/f0bc9f913c047bf852d19cdcfb7c76b599bfeb91

Comment by auto [ 25/Oct/11 ]

Author:

{u'login': u'TonyGen', u'name': u'Tony Hannan', u'email': u'tony@10gen.com'}

Message: SERVER-3345: adhere to coding style
Branch: master
https://github.com/mongodb/mongo/commit/4f7d9615530868f2aca24217b07707b4925b21c9

Comment by auto [ 29/Sep/11 ]

Author:

{u'login': u'TonyGen', u'name': u'Tony Hannan', u'email': u'tony@10gen.com'}

Message: SERVER-3345: Read-only users can't output mapReduce to existing collection
Branch: master
https://github.com/mongodb/mongo/commit/8e75d326a62dd24ecb9b47e35264ff035c05da11

Comment by Tony Hannan [ 27/Sep/11 ]

Bug still exists in 2.0. Read-only user can specify any collection in M/R out parameter, including one that already exists, and overwrite it.

Comment by Eliot Horowitz (Inactive) [ 27/Sep/11 ]

believe this was fixed in 2.0 - will verify

Comment by ganesan pandurangan [ 27/Sep/11 ]

Hi

Any updates on this ?

Generated at Thu Feb 08 03:02:49 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.