[SERVER-5011] authenticated read-only users unable to access data
Created: 18/Feb/12  Updated: 15/Aug/12  Resolved: 19/Feb/12

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 2.0.2
Fix Version/s: None

Type: Bug
Priority: Minor - P4
Reporter: Brett Goldstein
Assignee: Ben Becker
Resolution: Duplicate
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Participants:

 Description   

We have created read-only users that are unable to perform read-only tasks. I reviewed:

https://jira.mongodb.org/browse/SERVER-3454
https://jira.mongodb.org/browse/SERVER-4335
http://groups.google.com/group/mongodb-user/browse_thread/thread/92b48cd330233aa8

Of note, we have not enabled profiling in our architecture. I couldn't find any further resolution. Thoughts?



 Comments   
Comment by Eliot Horowitz (Inactive) [ 19/Feb/12 ]

There is an issue with read only users and sharding right now. Can track here: SERVER-4156

Comment by Brett Goldstein [ 18/Feb/12 ]

mongos> db.addUser("eliot","test",true)
{
"singleShard" : "mongos1a:27018",
"n" : 0,
"connectionId" : 665,
"err" : null,
"ok" : 1
}
{
"user" : "eliot",
"readOnly" : true,
"pwd" : "2bad607310f81e8b159e391cd9d16904",
"_id" : ObjectId("4f3ffae6aca7aca29903cc5c")
}
mongos>

> use ops
switched to db ops
> db.auth("eliot","test")
1

MONGOS log:

Sat Feb 18 13:25:10 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.
Sat Feb 18 13:25:12 [conn4825] authenticate: { authenticate: 1.0, user: "eliot", nonce: "c04fca9d20daab6c", key: "1356597720132ff3b1f68b409efc4a3d" }

Sat Feb 18 13:25:15 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' acquired, ts : 4f3ffb1b18ce44a054e6f839
Sat Feb 18 13:25:16 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.

> db.windygrid.find()
error: { "$err" : "unauthorized", "code" : 15845 }

>

After MONGOS log

Sat Feb 18 13:25:15 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' acquired, ts : 4f3ffb1b18ce44a054e6f839
Sat Feb 18 13:25:16 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.
Sat Feb 18 13:25:21 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' acquired, ts : 4f3ffb2118ce44a054e6f83a
Sat Feb 18 13:25:21 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.
Sat Feb 18 13:25:26 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' acquired, ts : 4f3ffb2618ce44a054e6f83b
Sat Feb 18 13:25:26 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.
Sat Feb 18 13:25:31 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' acquired, ts : 4f3ffb2b18ce44a054e6f83c
Sat Feb 18 13:25:31 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.
Sat Feb 18 13:25:36 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' acquired, ts : 4f3ffb3018ce44a054e6f83d
Sat Feb 18 13:25:36 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.
Sat Feb 18 13:25:41 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' acquired, ts : 4f3ffb3518ce44a054e6f83e
Sat Feb 18 13:25:41 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.
Sat Feb 18 13:25:43 [LockPinger] cluster mongoc1:27019 pinged successfully at Sat Feb 18 13:25:43 2012 by distributed lock pinger 'mongoc1:27019/my07apl01.cityofchicago.org:27017:1328752664:1804289383', sleeping for 30000ms
Sat Feb 18 13:25:46 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' acquired, ts : 4f3ffb3a18ce44a054e6f83f
Sat Feb 18 13:25:46 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.
Sat Feb 18 13:25:51 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' acquired, ts : 4f3ffb3f18ce44a054e6f840
Sat Feb 18 13:25:51 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.
Sat Feb 18 13:25:56 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' acquired, ts : 4f3ffb4418ce44a054e6f841
Sat Feb 18 13:25:56 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.
Sat Feb 18 13:26:01 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' acquired, ts : 4f3ffb4918ce44a054e6f842
Sat Feb 18 13:26:01 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.
Sat Feb 18 13:26:06 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' acquired, ts : 4f3ffb4e18ce44a054e6f843
Sat Feb 18 13:26:06 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.
Sat Feb 18 13:26:11 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' acquired, ts : 4f3ffb5318ce44a054e6f844
Sat Feb 18 13:26:11 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.
Sat Feb 18 13:26:16 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' acquired, ts : 4f3ffb5818ce44a054e6f845
Sat Feb 18 13:26:16 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.
Sat Feb 18 13:26:21 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' acquired, ts : 4f3ffb5d18ce44a054e6f846
Sat Feb 18 13:26:21 [Balancer] distributed lock 'balancer/my07apl01.cityofchicago.org:27017:1328752664:1804289383' unlocked.

And this is from a shard:

Sat Feb 18 13:02:33 [conn626] command admin.$cmd command: { writebacklisten: ObjectId('4f33281818ce44a054e5b55f') } ntoreturn:1 reslen:44 300000ms
Sat Feb 18 13:02:46 [clientcursormon] mem (MB) res:3091 virt:255251 mapped:126947
Sat Feb 18 13:05:19 [LockPinger] cluster mongoc1:27019 pinged successfully at Sat Feb 18 13:05:19 2012 by distributed lock pinger 'mongoc1:27019/my07orl02.cityofchicago.org:27018:1329404740:34679829', sleeping for 30000ms
Sat Feb 18 13:07:33 [conn626] command admin.$cmd command: { writebacklisten: ObjectId('4f33281818ce44a054e5b55f') } ntoreturn:1 reslen:44 300000ms
Sat Feb 18 13:07:46 [clientcursormon] mem (MB) res:3091 virt:255251 mapped:126947
Sat Feb 18 13:08:46 [PeriodicTask::Runner] task: DBConnectionPool-cleaner took: 9ms
Sat Feb 18 13:10:19 [LockPinger] cluster mongoc1:27019 pinged successfully at Sat Feb 18 13:10:19 2012 by distributed lock pinger 'mongoc1:27019/my07orl02.cityofchicago.org:27018:1329404740:34679829', sleeping for 30000ms
Sat Feb 18 13:12:33 [conn626] command admin.$cmd command: { writebacklisten: ObjectId('4f33281818ce44a054e5b55f') } ntoreturn:1 reslen:44 300000ms
Sat Feb 18 13:12:46 [clientcursormon] mem (MB) res:3091 virt:255251 mapped:126947
Sat Feb 18 13:15:19 [LockPinger] cluster mongoc1:27019 pinged successfully at Sat Feb 18 13:15:19 2012 by distributed lock pinger 'mongoc1:27019/my07orl02.cityofchicago.org:27018:1329404740:34679829', sleeping for 30000ms
Sat Feb 18 13:17:33 [conn626] command admin.$cmd command: { writebacklisten: ObjectId('4f33281818ce44a054e5b55f') } ntoreturn:1 reslen:44 300000ms
Sat Feb 18 13:17:46 [clientcursormon] mem (MB) res:3091 virt:255251 mapped:126947
Sat Feb 18 13:20:19 [LockPinger] cluster mongoc1:27019 pinged successfully at Sat Feb 18 13:20:19 2012 by distributed lock pinger 'mongoc1:27019/my07orl02.cityofchicago.org:27018:1329404740:34679829', sleeping for 30000ms
Sat Feb 18 13:22:33 [conn626] command admin.$cmd command: { writebacklisten: ObjectId('4f33281818ce44a054e5b55f') } ntoreturn:1 reslen:44 300000ms
Sat Feb 18 13:22:46 [clientcursormon] mem (MB) res:3091 virt:255251 mapped:126947
Sat Feb 18 13:25:19 [LockPinger] cluster mongoc1:27019 pinged successfully at Sat Feb 18 13:25:19 2012 by distributed lock pinger 'mongoc1:27019/my07orl02.cityofchicago.org:27018:1329404740:34679829', sleeping for 30000ms
^C
-bash-4.1$ grep eliot /u01/mongolog/mongodb.log
-bash-4.1$

Comment by Eliot Horowitz (Inactive) [ 18/Feb/12 ]

Can you send an example with logs?
