<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:22:04 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-50211] Getting issue &quot;ACCESS   [conn298810] Unauthorized: not authorized on admin to execute command { endSessions: [ { id: UUID(&quot;acb7b7b0-5cfd-48d9-ae40-25e20d1ead63&quot;) } ], $db: &quot;admin&quot; }&quot;</title>
                <link>https://jira.mongodb.org/browse/SERVER-50211</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;I am using mongo-3.6.17 version and enabled the auth in that. With the auth, I am getting the below message contentiously in on the logs&lt;/p&gt;

&lt;p&gt;ACCESS &lt;span class=&quot;error&quot;&gt;&amp;#91;conn298810&amp;#93;&lt;/span&gt; Unauthorized: not authorized on admin to execute command { endSessions: [ &lt;/p&gt;
{ id: UUID(&quot;acb7b7b0-5cfd-48d9-ae40-25e20d1ead63&quot;) }
&lt;p&gt; ], $db: &quot;admin&quot; }&lt;/p&gt;

&lt;p&gt;When I verified the mongo documentation, I have not seen any specific role to execute the endSession command. But in my user roles, I gave almost all high priority roles like dbAdmin, dbOwner ...etc but still getting the same issue. Is there any way to avoid this issue ?&lt;/p&gt;</description>
                <environment></environment>
        <key id="1436739">SERVER-50211</key>
            <summary>Getting issue &quot;ACCESS   [conn298810] Unauthorized: not authorized on admin to execute command { endSessions: [ { id: UUID(&quot;acb7b7b0-5cfd-48d9-ae40-25e20d1ead63&quot;) } ], $db: &quot;admin&quot; }&quot;</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="eric.sedor@mongodb.com">Eric Sedor</assignee>
                                    <reporter username="sivag9@gmail.com">Sambasivarao Gajula</reporter>
                        <labels>
                    </labels>
                <created>Mon, 10 Aug 2020 11:13:18 +0000</created>
                <updated>Tue, 25 Aug 2020 06:15:46 +0000</updated>
                            <resolved>Mon, 24 Aug 2020 22:02:04 +0000</resolved>
                                    <version>3.6.19</version>
                                                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="3356929" author="JIRAUSER1254348" created="Tue, 25 Aug 2020 06:15:46 +0000"  >&lt;p&gt;Thanks Eric for providing the required information so far.&lt;/p&gt;

&lt;p&gt;Regards,&lt;/p&gt;

&lt;p&gt;Samba.&lt;/p&gt;</comment>
                            <comment id="3356588" author="eric.sedor" created="Mon, 24 Aug 2020 22:18:06 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=sivag9%40gmail.com&quot; class=&quot;user-hover&quot; rel=&quot;sivag9@gmail.com&quot;&gt;sivag9@gmail.com&lt;/a&gt;, I&apos;ve found &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-49165&quot; title=&quot;endSessions command in Client.Disconnect causes an authorization failure for an unauthed connection on a host that requires authentication&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-49165&quot;&gt;&lt;del&gt;SERVER-49165&lt;/del&gt;&lt;/a&gt; which tracks a solution to this issue. Please watch that ticket for updates!&lt;/p&gt;</comment>
                            <comment id="3349192" author="eric.sedor" created="Thu, 20 Aug 2020 14:40:58 +0000"  >&lt;p&gt;Samba,&lt;/p&gt;

&lt;p&gt;To clarify, the log line is triggered when the shell is closed. It is not ping specifically but happens right after your eval option is complete. I&apos;d like to keep this ticket open as I look into that.&lt;/p&gt;

&lt;p&gt;But, for your questions about how to set up exactly what you need for your users, roles, and for ensuring you are setting up authentication correctly, I encourage you to ask our community by posting on the &lt;a href=&quot;http://community.mongodb.com&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;MongoDB Community Forums&lt;/a&gt;. The SERVER project here is for bugs and feature suggestions for the MongoDB server.&lt;/p&gt;

&lt;p&gt;Thanks!&lt;br/&gt;
Eric&lt;/p&gt;</comment>
                            <comment id="3349159" author="JIRAUSER1254348" created="Thu, 20 Aug 2020 14:31:50 +0000"  >&lt;p&gt;Hi Eric,&lt;/p&gt;

&lt;p&gt;Based on the google search (&lt;a href=&quot;https://github.com/helm/charts/issues/12631&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/helm/charts/issues/12631&lt;/a&gt;) I just tried to reproduce the issue with the ping command but right now I am not sure, does ping alone causing the issue or any other command also causing the same issue. Your analysis also &quot;occurs any time an un-authenticated shell connection&quot; saying the same point right. Anyway, I will try from my side as well by authenticating the ping .&#160;&lt;/p&gt;

&lt;p&gt;Right now as part of my work, I am authenticating the DB and adding the users with the roles I mentioned earlier. As part of the operations, my application is not using the ping directly. So, it might be the internal communication in between the mongo DBs. In that case, can you please help on how can I make the ping authenticated or&#160; else which role exactly need to be added to the existing/new user to access the ping ?&lt;/p&gt;

&lt;p&gt;Thanks,&lt;br/&gt;
Samba.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</comment>
                            <comment id="3348136" author="eric.sedor" created="Wed, 19 Aug 2020 22:15:12 +0000"  >&lt;p&gt;Thanks for your patience, Samba,&lt;/p&gt;

&lt;p&gt;The logs have been helpful and I have been able to reproduce this readily. Initially, it looks like the issue is that the &lt;tt&gt;mongo hostNameXXX:27719 --eval &quot;db.adminCommand(&apos;ping&apos;).ok&quot; --quiet&lt;/tt&gt; isn&apos;t authenticating (with the &amp;#45;u and &amp;#45;p arguments).&lt;/p&gt;

&lt;p&gt;I can see the &quot;not authorized on admin to execute command { endSessions&quot; occurs any time an un-authenticated shell connection is closed and am working to determine if this is intentional or if it is a bug.&lt;/p&gt;

&lt;p&gt;In the meantime you should be able to prevent this message by authenticating when running this script. Does that make sense and does this work for you?&lt;/p&gt;

&lt;p&gt;Eric&lt;/p&gt;</comment>
                            <comment id="3346664" author="JIRAUSER1254348" created="Wed, 19 Aug 2020 09:21:52 +0000"  >&lt;p&gt;Hi Eric,&lt;/p&gt;

&lt;p&gt;I hope the shared logs are helpful to debug the issue . If you need any further information, please let me know and also, if you find any suspect point, please share to me as well. I also can cross check in my setup.&lt;/p&gt;

&lt;p&gt;Thanks,&lt;br/&gt;
Samba.&lt;/p&gt;</comment>
                            <comment id="3338880" author="JIRAUSER1254348" created="Fri, 14 Aug 2020 04:52:24 +0000"  >&lt;p&gt;Hi Eric,&lt;/p&gt;

&lt;p&gt;Please find the attached log, which is taken by the time of mongoAuth enable to the &apos;Unauthorized&apos; messages are coming. I have three members in the replicaset and have collected the logs from the Primary (hostmgr01) only. By the time of taking the logs mongoAuth was enabling member by member and due to that only, secondary &amp;amp; Arbiter was not reachable but later point,&#160; those were reachable. After completion of the mongoAuth, I collected the Users info well separately and added to below to the attached logs.&lt;/p&gt;

&lt;p&gt;Please let me know, if you need any other info&lt;/p&gt;

&lt;p&gt;Thanks&lt;/p&gt;

&lt;p&gt;Samba.&lt;/p&gt;</comment>
                            <comment id="3335221" author="eric.sedor" created="Wed, 12 Aug 2020 19:12:35 +0000"  >&lt;p&gt;The information we are looking for will be logged when the client connects and authenticates. Are you able to provide a log file that covers the whole span of time between the time you connect and the time you see the log messages?&lt;/p&gt;</comment>
                            <comment id="3331935" author="JIRAUSER1254348" created="Tue, 11 Aug 2020 02:28:52 +0000"  >&lt;p&gt;Hi Eric,&lt;/p&gt;

&lt;p&gt;Thanks for the response. How can I get the user belong to &apos;conn298810&apos; in mongoDB ?? Please share the command to verify this.&lt;/p&gt;

&lt;p&gt;I have captured and attached the sample logs and &apos;Users &amp;amp; Roles&apos; information. Right now I have two users with different roles but for the information, I tried the same by giving the same roles to both of the users.&lt;/p&gt;

&lt;p&gt;Thanks&lt;/p&gt;

&lt;p&gt;Sambasivarao.&lt;/p&gt;</comment>
                            <comment id="3331598" author="eric.sedor" created="Mon, 10 Aug 2020 21:17:17 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=sivag9%40gmail.com&quot; class=&quot;user-hover&quot; rel=&quot;sivag9@gmail.com&quot;&gt;sivag9@gmail.com&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;Can you help us understand exactly what user is authenticated for conn298810 in the above example? We can help with this if you attach mongod log files for a period of time.&lt;/p&gt;

&lt;p&gt;That said, we may also need to see the output of &lt;a href=&quot;https://docs.mongodb.com/manual/reference/method/db.getUsers/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;getUsers&lt;/a&gt; and if any custom roles are in use, &lt;a href=&quot;https://docs.mongodb.com/manual/reference/method/db.getRoles/#db.getRoles&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;getRoles&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Sincerely,&lt;br/&gt;
Eric&lt;/p&gt;</comment>
                            <comment id="3329901" author="JIRAUSER1254348" created="Mon, 10 Aug 2020 11:47:39 +0000"  >&lt;p&gt;There is a small observation that, If I use the ping command continuously with out auth credentials &quot;mongo hostNameXXX:27719 --eval &quot;db.adminCommand(&apos;ping&apos;).ok&quot; --quiet&quot; , I am getting success&#160; out put as &apos;1&apos; but at the same time , have seen the increase of the above messages in the same rate of the ping command&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                            <outwardlinks description="duplicates">
                                        <issuelink>
            <issuekey id="1359726">SERVER-49165</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                            <attachment id="273394" name="jira_logs.txt" size="6652" author="sivag9@gmail.com" created="Tue, 11 Aug 2020 02:28:38 +0000"/>
                            <attachment id="273883" name="jira_logs_1.txt" size="59028" author="sivag9@gmail.com" created="Fri, 14 Aug 2020 04:52:16 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>11.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 10 Aug 2020 21:17:17 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        3 years, 24 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>sivag9@gmail.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            3 years, 24 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>eric.sedor@mongodb.com</customfieldvalue>
            <customfieldvalue>sivag9@gmail.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hxzh47:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hxm7mv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                    <customfieldvalue><![CDATA[eric.sedor@mongodb.com]]></customfieldvalue>
    

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hxz3dj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>