[SERVER-4225] Adding first admin user to database via localhost works but returns error message
Created: 08/Nov/11  Updated: 11/Jul/16  Resolved: 09/Jul/12

Status: Closed
Project: Core Server
Component/s: Security, Shell
Affects Version/s: 2.1.2
Fix Version/s: 2.2.0-rc0

Type: Bug
Priority: Major - P3
Reporter: Spencer Brody (Inactive)
Assignee: Spencer Brody (Inactive)
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-6246 Manipulate user objects exclusively v... Closed
Duplicate
is duplicated by SERVER-6101 Error when bootstrapping 2.1.x with a... Closed
Related
related to PYTHON-407 Adding first user from localhost work... Closed
Operating System: ALL
Participants:

 Description   

2.1 makes getLastError require auth, which it didn't in 2.0 and earlier.

> mkdir tempdb
> mongod --auth --dbpath tempdb/

> mongo
MongoDB shell version: 2.0.1
connecting to: test
test[19:11:40]> use admin
switched to db admin
admin[19:11:42]> db.addUser("admin","password")
Mon Nov 7 19:11:52 uncaught exception: getlasterror failed:

{ "errmsg" : "need to login", "ok" : 0 }

admin[19:11:52]> db.auth('admin','password')
1
admin[19:11:58]> db.system.users.find()

{ "_id" : ObjectId("4eb873c7cdae97d7a7bee931"), "user" : "admin", "readOnly" : false, "pwd" : "90f500568434c37b61c8c1ce05fdf3ae" }

 Comments   
Comment by Spencer Brody (Inactive) [ 09/Jul/12 ]

Fixed for the shell, but may require additional changes in the drivers.

Comment by auto [ 03/Jul/12 ]

Author: Eliot Horowitz (eliot@10gen.com), 2012-07-03T14:57:19-07:00

Message: SERVER-4225 - when creating first user, we can't call getLastError
Branch: master
https://github.com/mongodb/mongo/commit/dfd39b495e3bd5ab6ee7f35edaeb8f17129e7783

Comment by Spencer Brody (Inactive) [ 28/Jun/12 ]

Also, I can no longer reproduce this on 2.0.2. I'm starting to think that was a typo and I meant 2.1.x?

Comment by Spencer Brody (Inactive) [ 28/Jun/12 ]

This is a problem for more than just the shell. Most drivers call GLE in their addUser method to make sure the user was added successfully. This will make those calls return an exception, even when they succeeded, for adding the first user over localhost.

Comment by Spencer Brody (Inactive) [ 28/Jun/12 ]

The problem is that if there are no admin users and you're connected over localhost, you're given full access and can insert into system.users to create the first user. When you try to call getLastError to check if the user was created successfully, however, the command is denied because there is now a user in existence and you're still unauthenticated.
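
The sequence described in the comments above, as an added example that is not part of the ticket or MongoDB's own code: a constructed in-memory model of the localhost exception, showing why the post-write getLastError is denied and one way a client could confirm the write instead. `ModelServer`, `addUserNaive` and `addFirstUser` are hypothetical names, and the tolerant pattern is an assumption, not the fix that was committed.

```javascript
// Constructed model of the behaviour in this ticket; not MongoDB source code.
class ModelServer {
  constructor() { this.users = new Map(); } // user -> password (model only)

  // Localhost exception: unauthenticated access is allowed only from
  // localhost and only while no users exist yet.
  authorized(conn) {
    return conn.authenticated || (conn.localhost && this.users.size === 0);
  }
  insertUser(conn, user, pwd) {
    if (!this.authorized(conn)) return false;
    this.users.set(user, pwd); // from here on the exception no longer applies
    return true;
  }
  getLastError(conn) {
    if (!this.authorized(conn)) return { errmsg: "need to login", ok: 0 };
    return { err: null, ok: 1 };
  }
  auth(conn, user, pwd) {
    conn.authenticated = this.users.has(user) && this.users.get(user) === pwd;
    return conn.authenticated ? 1 : 0;
  }
}

// Client pattern from the report: write, then treat any getLastError
// failure as fatal. Throws even though the first user was created.
function addUserNaive(server, conn, user, pwd) {
  server.insertUser(conn, user, pwd);
  const gle = server.getLastError(conn);
  if (!gle.ok) throw new Error("getlasterror failed: " + JSON.stringify(gle));
  return true;
}

// Tolerant pattern (assumption): if the check is denied with "need to login",
// confirm the write by authenticating as the user that was just added.
function addFirstUser(server, conn, user, pwd) {
  server.insertUser(conn, user, pwd);
  const gle = server.getLastError(conn);
  if (gle.ok) return true;
  if (gle.errmsg !== "need to login") throw new Error(gle.errmsg);
  return server.auth(conn, user, pwd) === 1;
}
```

A non-localhost connection to an empty model server gets `false` from `addFirstUser`, because the insert is denied and the follow-up login fails.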
