After SERVER-28260, a cursor created with an 'lsid' cannot be killed without passing the same lsid:
$ cat killCursorsBug.js db.test.insertOne({}); var res = db.runCommand({find: "test", batchSize: 0, lsid: {id: BinData(4, "QlLfPHTySm6tqfuV+EOsVA==")}}); res = db.runCommand({killCursors: "test", cursors: [res.cursor.id]}); printjson(res); $ mongo 'mongodb://user:password@localhost:27017' killCursorsBug.js MongoDB shell version v3.4.10 connecting to: mongodb://user:password@localhost:27017 MongoDB server version: 3.7.0-180-g09d3d18 WARNING: shell and server versions do not match { "operationTime" : Timestamp(1512435604, 1), "ok" : 0, "errmsg" : "not authorized on test to execute command { killCursors: \"test\", cursors: [ 78117941810 ], $db: \"test\" }", "code" : 13, "codeName" : "Unauthorized" }
killCursors should succeed when run with a different session or even no session at all.
- is caused by
-
SERVER-28260 Create a killAnyCursor privilege
- Closed
- is related to
-
DRIVERS-430 Test that killCursors really succeeds
- Implementing