[SERVER-38867] "show collections" no longer lists system.* collections Created: 07/Jan/19  Updated: 29/Oct/23  Resolved: 08/May/19

Status: Closed
Project: Core Server
Component/s: Security, Shell
Affects Version/s: 4.0.5
Fix Version/s: 4.0.10, 4.1.11

Type: Bug Priority: Major - P3
Reporter: Kevin Pulo Assignee: Kevin Pulo
Resolution: Fixed Votes: 1
Labels: rfr40
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
related to SERVER-32942 mongo shell: for users authorized to ... Closed
related to SERVER-38353 show collections does not list system... Closed
Backwards Compatibility: Minor Change
Operating System: ALL
Backport Requested:
v4.0
Sprint: Sharding 2019-01-14, Sharding 2019-01-28, Sharding 2019-02-11, Sharding 2019-02-25, Sharding 2019-03-11, Sharding 2019-03-25, Sharding 2019-05-20
Participants:

 Description   

On SERVER-32942 the authorizedCollections optional parameter was added to the listCollections command, and the show collections shell helper was modified to pass true for this parameter.

However, this has the unintended consequence of preventing system.* collections from being listed in the output of show collections, even when auth is off or specific privileges to system collections have been granted. This is a backward breaking change in behaviour, which might lead users to make incorrect deductions about the state of the db (based on the apparent non-presence of system collections of interest).

The reason for this is that the blacklisting of system collections on SERVER-32942 is too heavy handed, and should instead be relaxed to return system collections that the logged-in user has privileges to. The example behaviours below are all on a freshly initialised standalone/sharded cluster.

Auth disabled

Setup:

use admin

Standalone/Replset: Current behaviour Standalone/Replset: Desired behaviour

> show collections
>

> show collections
system.version
>

Sharded: Current behaviour Sharded: Desired behaviour

mongos> show collections
mongos>
 

mongos> show collections
system.keys
system.version
mongos>

Auth enabled

Setup:

use admin
db.auth("root", "root")
 
db.createRole( { role: "syscoll", privileges: [ { resource: { db: "admin", collection: "system.version" }, actions: [ "find" ] } ], roles: [] } )
db.createRole( { role: "admindb", privileges: [ { resource: { db: "admin", collection: "" },               actions: [ "find" ] } ], roles: [] } )
 
db.createUser( { user: "test-syscoll", pwd: "test", roles: [ "syscoll" ] } )
db.createUser( { user: "test-admindb", pwd: "test", roles: [ "admindb" ] } )
db.createUser( { user: "test-both",    pwd: "test", roles: [ "admindb", "syscoll" ] } )
 
db.createCollection("testcoll")

Standalone/Replset: Current behaviour Standalone/Replset: Desired behaviour

> db.auth("test-syscoll", "test")
1
> show collections
>
 
 
> db.auth("test-admindb", "test")
1
> show collections
testcoll
>
 
> db.auth("test-both", "test")
1
> show collections
testcoll
>

> db.auth("test-syscoll", "test")
1
> show collections
system.version
>
 
> db.auth("test-admindb", "test")
1
> show collections
testcoll
>
 
> db.auth("test-both", "test")
1
> show collections
system.version
testcoll
>

Sharded: Current behaviour Sharded: Desired behaviour

mongos> db.auth("test-syscoll", "test")
1
mongos> show collections
mongos>
 
 
mongos> db.auth("test-admindb", "test")
1
mongos> show collections
testcoll
mongos>
 
mongos> db.auth("test-both", "test")
1
mongos> show collections
testcoll
mongos>

mongos> db.auth("test-syscoll", "test")
1
mongos> show collections
system.version
mongos>
 
mongos> db.auth("test-admindb", "test")
1
mongos> show collections
testcoll
mongos>
 
mongos> db.auth("test-both", "test")
1
mongos> show collections
system.version
testcoll
mongos>



 Comments   
Comment by Githook User [ 15/May/19 ]

Author:

{'email': 'kevin.pulo@mongodb.com', 'name': 'Kevin Pulo', 'username': 'devkev'}

Message: SERVER-38867 refine handling of system collections in listCollections

(cherry picked from commit 89fb6dcc3e87fca01bbea2a7662d33f6f2c4702d)
Branch: v4.0
https://github.com/mongodb/mongo/commit/9379741da6e00edfed33e65d92a3cf3b61304e68

Comment by Githook User [ 08/May/19 ]

Author:

{'email': 'kevin.pulo@mongodb.com', 'name': 'Kevin Pulo', 'username': 'devkev'}

Message: SERVER-38867 refine handling of system collections in listCollections
Branch: master
https://github.com/mongodb/mongo/commit/89fb6dcc3e87fca01bbea2a7662d33f6f2c4702d

Generated at Thu Feb 08 04:50:17 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.