[SERVER-9029] Duplicate users in system.users causes problem with 2.4.x upgrade
Created: 20/Mar/13  Updated: 11/Jul/16  Resolved: 25/Mar/13

Status: Closed
Project: Core Server
Component/s: Security, Usability
Affects Version/s: 2.4.0
Fix Version/s: 2.4.2, 2.5.0

Type: Bug
Priority: Major - P3
Reporter: Adam Comerford
Assignee: Spencer Brody (Inactive)
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
related to DOCS-1271 Document the enforcement of unique us... Closed
related to SERVER-7982 Upgrade Indexes on system.users colle... Closed
Operating System: ALL

 Description   

If duplicate users exist then the upgrade process of creating a new unique index will fail. To fix this duplicate user problem you must start in the previous version and ensure that no duplicate users exist before upgrading; this will require removing those duplicate user documents.

Orig Report
Example from original thread on mongodb-user.

After upgrading to 2.4 I have following errors:

Wed Mar 20 10:38:42.006 [initandlisten] build index admin.system.users { user: 1, userSource: 1 }
Wed Mar 20 10:38:42.007 [initandlisten] exception in initAndListen: 11000 E11000 duplicate key error index: admin.system.users.$user_1_userSource_1  dup key: { : "myuser", : null }, terminating
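
Added example (not part of the original ticket and not MongoDB code): a pre-upgrade check that lists the documents the new unique index on { user: 1, userSource: 1 } would reject, grouped per database because each database has its own system.users collection. The function names, the input shape (database name mapped to an array of user documents) and the sample documents are assumptions constructed for illustration.

```javascript
// Pre-upgrade check for duplicate (user, userSource) pairs in system.users.
// Sample data below is constructed, modelled on the repro in this ticket.

// A missing userSource is indexed as null, which is why the server log
// shows dup key: { : "test", : null } for documents without that field.
function indexKey(doc) {
  var source = (doc.userSource === undefined) ? null : doc.userSource;
  return JSON.stringify([doc.user, source]);
}

// usersByDb: { dbName: [documents read from <dbName>.system.users] }
// Returns one entry per key that the unique index build would fail on.
function findDuplicateUsers(usersByDb) {
  var report = [];
  Object.keys(usersByDb).forEach(function (dbName) {
    var seen = {};
    usersByDb[dbName].forEach(function (doc) {
      var key = indexKey(doc);
      (seen[key] = seen[key] || []).push(doc._id);
    });
    Object.keys(seen).forEach(function (key) {
      if (seen[key].length > 1) {
        var parts = JSON.parse(key);
        report.push({ db: dbName, user: parts[0], userSource: parts[1], ids: seen[key] });
      }
    });
  });
  return report;
}

var sample = {
  admin: [
    { _id: "constructed-1", user: "test", readOnly: false },
    { _id: "constructed-2", user: "test", readOnly: false },
    { _id: "constructed-3", user: "backup", readOnly: true }
  ],
  test: [
    { _id: "constructed-4", user: "test", readOnly: false },   // same name, other db: allowed
    { _id: "constructed-5", user: "scott", userSource: null },
    { _id: "constructed-6", user: "scott" },                   // collides with constructed-5
    { _id: "constructed-7", user: "scott", userSource: "admin" }
  ]
};

findDuplicateUsers(sample).forEach(function (d) {
  console.log(d.db + ".system.users: " + JSON.stringify(d.user) + " -> " + d.ids.join(", "));
});
```

The report only lists the conflicting _id values; which document to remove remains an operator decision, made while still running the previous version.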



 Comments   
Comment by auto [ 25/Mar/13 ]

Author: Spencer T Brody <spencer@10gen.com>
Date: 2013-03-25T19:12:36Z

Message: SERVER-9029 Add more informative log message when building unique index on system.users fails
Branch: v2.4
https://github.com/mongodb/mongo/commit/d54170cb2bcabd23bd7f2583dcbe1f48dd16fa60

Comment by auto [ 25/Mar/13 ]

Author: Spencer T Brody <spencer@10gen.com>
Date: 2013-03-25T19:12:36Z

Message: SERVER-9029 Add more informative log message when building unique index on system.users fails
Branch: master
https://github.com/mongodb/mongo/commit/3521eaab4c6d1a6e9a80fb55ee493e5c5806a43b

Comment by Daniel Pasette (Inactive) [ 25/Mar/13 ]

Spencer is looking into how to improve the error message.

Comment by Scott Hernandez (Inactive) [ 21/Mar/13 ]

HELP NEEDED
For those of you getting this error, can you please let us know what languages you are using, and what frameworks and tools you are using to create users. It is very possible that somewhere there is a tool/framework/program which is inserting those duplicate users which will need to be fixed. Starting with 2.4 these tools/frameworks which are creating duplicate users will start to cause errors and we would like to track them down sooner rather than later.

Comment by Spencer Brody (Inactive) [ 20/Mar/13 ]

Unfortunately there's not much we can do here other than document this clearly and improve the error message. The server can't know which user to drop if there are duplicate user docs, so fixing this has to require user intervention.

Comment by Mark porter [ 20/Mar/13 ]

Easy to repro on RHEL:

> db.system.users.find()
{ "_id" : ObjectId("5149ab5d3fd304f638fa95c7"), "user" : "test", "readOnly" : false, "pwd" : "4bb1a621b59ba39c1c1f31e8dcf4b978" }
{ "_id" : ObjectId("6149ab5d3fd304f638fa95c7"), "user" : "test", "readOnly" : false, "pwd" : "4298b743bff4be760683d873a19ce6c6" }
> db.version()
2.2.3
> quit()

[root@ip-10-36-137-114 ~]# yum upgrade mongo-10gen mongo-10gen-server
Loaded plugins: amazon-id, product-id, rhui-lb, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Setting up Upgrade Process
Resolving Dependencies
.....
.....
Wed Mar 20 08:48:19.230 [initandlisten] opening db:  admin
Wed Mar 20 08:48:19.231 [initandlisten] build index admin.system.users { user: 1, userSource: 1 }
Wed Mar 20 08:48:19.231 [initandlisten] external sort root: /var/lib/mongo/_tmp/esort.1363783699.0/
Wed Mar 20 08:48:19.231 [initandlisten] 		 not using file.  size:84 _compares:1
Wed Mar 20 08:48:19.231 [initandlisten] 	 external sort used : 0 files  in 0 secs
Wed Mar 20 08:48:19.232 [initandlisten] User Assertion: 11000:E11000 duplicate key error index: admin.system.users.$user_1_userSource_1  dup key: { : "test", : null }
Wed Mar 20 08:48:19.232 [initandlisten] User Assertion: 12502:can't drop system ns
Wed Mar 20 08:48:19.234 [initandlisten] exception in initAndListen: 11000 E11000 duplicate key error index: admin.system.users.$user_1_userSource_1  dup key: { : "test", : null }, terminating
Wed Mar 20 08:48:19.234 dbexit:

Comment by Scott Hernandez (Inactive) [ 20/Mar/13 ]

I was able to easily reproduce this:

> db.system.users.find()
{ "_id" : ObjectId("5149ae5ddc8808694c9452b9"), "user" : "scott", "readOnly" : false, "pwd" : "776dbbffb71fa6c719bb99c8eabcf0c5" }
{ "_id" : ObjectId("5149aeb8dc8808694c9452bc"), "user" : "scott", "pwd" : "a" }
> db.version()
2.2.3

Then upgrade to 2.4.x:

...
Wed Mar 20 08:43:18.501 [initandlisten] db version v2.4.0
...
Wed Mar 20 08:43:18.503 [initandlisten] build index test.system.users { user: 1, userSource: 1 }
Wed Mar 20 08:43:18.511 [initandlisten] exception in initAndListen: 11000 E11000 duplicate key error index: test.system.users.$user_1_userSource_1  dup key: { : "scott", : null }, terminating
Wed Mar 20 08:43:18.511 dbexit: 

The ability to have duplicate users with the same name in previous versions was a bug and this unique index now keeps the problem from happening when users are created.

Comment by Artyom Pakhomov [ 20/Mar/13 ]

After downgrading to 2.2.3 I found that there are dups in the db.system.users collection. But I am not sure whether the two entries were there before the upgrade or were created somehow during the upgrade. After removing one entry, I upgraded to 2.4 and everything is fine.

Generated at Thu Feb 08 03:19:08 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.