Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-9009

mongodump fails when run by a read-only user

    • Type: Icon: Bug Bug
    • Resolution: Duplicate
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Affects Version/s: 2.2.2
    • Component/s: Admin
    • Environment:
      CentOS 6.3 x86_64
    • Linux
    • Hide

      Connect to Mongo:
      use admin
      db.addUser("backup","xxxxx",true)
      exit

      1. mongodump --host localhost:27018 -u backup -p xxxxx -o .
        connected to: localhost:27018
        Mon Mar 18 15:03:09 DATABASE: xxxxx to ./xxxxx
        Mon Mar 18 15:03:09 xxxxx.system.users to ./xxxxx/system.users.bson
        assertion: 11010 count fails: { assertion: "unauthorized db:xxxxxx ns:xxxxx.system.users lock type:1 client:127.0.0.1", assertionCode: 10057, errmsg: "db assertion failure", ok: 0.0 }

      Setting the user read-only flag back to "false", and the backup will run successfully.

      Show
      Connect to Mongo: use admin db.addUser("backup","xxxxx",true) exit mongodump --host localhost:27018 -u backup -p xxxxx -o . connected to: localhost:27018 Mon Mar 18 15:03:09 DATABASE: xxxxx to ./xxxxx Mon Mar 18 15:03:09 xxxxx.system.users to ./xxxxx/system.users.bson assertion: 11010 count fails: { assertion: "unauthorized db:xxxxxx ns:xxxxx.system.users lock type:1 client:127.0.0.1", assertionCode: 10057, errmsg: "db assertion failure", ok: 0.0 } Setting the user read-only flag back to "false", and the backup will run successfully.

      The mongodump command fails when it authenticates with a read-only user.

      This appeared to work in an earlier version, and it would seem to be more secure to not have to use a backup user with write access.

            Assignee:
            Unassigned Unassigned
            Reporter:
            matthew.parsons@bskyb.com Matthew Parsons
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: