Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

non-admin users can't run USE in the CLI #6397

Closed
beckettsean opened this issue Apr 15, 2016 · 5 comments
Closed

non-admin users can't run USE in the CLI #6397

beckettsean opened this issue Apr 15, 2016 · 5 comments

Comments

@beckettsean
Copy link
Contributor

Bug report

System info: [Include InfluxDB version, operating system name, and other relevant details]

InfluxDB 0.12.1, Ubuntu 14.04, not a fresh install (upgraded from 0.10 over time)

Steps to reproduce:

  1. enable authentication in the config file
  2. create an admin user
  3. create a non-admin user with ALL privileges to an existing database

Expected behavior: [What you expected to happen]

non-admin user with ALL privs can USE <database>

Actual behavior: [What actually happened]

non-admin user gets an auth error

Connecting directly to the database works:

# influx -username 'mydb' -password 'mmydb' -database 'mydb'
Visit https://enterprise.influxdata.com to register for updates, InfluxDB server management, and monitoring.
Connected to http://localhost:8086 version 0.12.1
InfluxDB shell 0.12.1
> show measurements
name: measurements
------------------
name
ambiguous
cpu
string1
strings

However, the mydb user cannot issue a USE command, because the CLI has a behind the scenes SHOW DATABASES command that fails:

# influx -username 'mydb' -password 'mmydb'
Visit https://enterprise.influxdata.com to register for updates, InfluxDB server management, and monitoring.
Connected to http://localhost:8086 version 0.12.1
InfluxDB shell 0.12.1
> use mydb
ERR: error authorizing query: mydb not authorized to execute statement 'SHOW DATABASES', requires admin privilege
@jsternberg
Copy link
Contributor

@beckettsean should we allow non-admins to use SHOW DATABASES? What should the required privileges be?

@beckettsean
Copy link
Contributor Author

If non-admins can run SHOW DATABASES it would be important that the command only return a list of the databases to which they have at least one read or write privilege. If there are 10 databases on the instance and a user only has read access to one, they should not be able to retrieve the entire list of databases.

Alternately we could remove the SHOW DATABASES command from the CLI on USE. I think we're only doing that so we can give a meaningful "no database found" error when someone runs USE against a non-existent database.

I think it warrants a more involved discussion. @jwilder @pauldix @gunnaraasen your thoughts?

@gunnaraasen
Copy link
Member

I agree we should allow non-admin users to see only databases where they have either read or write privileges. Looks like this is a duplicate of #4785.

@katiitak
Copy link

This would be useful for the Admin UI also. As right you can't query data with non-admin user, as it can't get the list of databases.

@jsternberg jsternberg mentioned this issue May 22, 2016
Closed
jsternberg added a commit that referenced this issue Jun 17, 2016
@jsternberg
Allow a non-admin to call "use" for the influx cli
6a4bc5a 
Previously, a non-admin could not call "use" in the influx cli since the
`SHOW DATABASES` command requires admin permissions to run. The correct
solution to this is likely to allow non-admins to call `SHOW DATABASES`,
but only see the databases they should be capable of seeing.

Since we don't have this kind of fine-grained authorization yet and
plans for it are still in the works, we do need someway to not
arbitrarily cripple non-admins attempting to use the cli program. This
is a temporary solution that will ignore any authorization errors from
`SHOW DATABASES` if authorization has been set. A warning message will
be printed and the database will be switched. This should be enough to
ensure that there is some warning that you may not have switched to a
valid database while not crippling non-admin users.

A temporary solution for #6397.
@jsternberg jsternberg mentioned this issue Jun 17, 2016
Merged
jsternberg added a commit that referenced this issue Jun 22, 2016
@jsternberg
Allow a non-admin to call "use" for the influx cli
1d20498 
Previously, a non-admin could not call "use" in the influx cli since the
`SHOW DATABASES` command requires admin permissions to run. The correct
solution to this is likely to allow non-admins to call `SHOW DATABASES`,
but only see the databases they should be capable of seeing.

Since we don't have this kind of fine-grained authorization yet and
plans for it are still in the works, we do need someway to not
arbitrarily cripple non-admins attempting to use the cli program. This
is a temporary solution that will ignore any authorization errors from
`SHOW DATABASES` if authorization has been set. A warning message will
be printed and the database will be switched. This should be enough to
ensure that there is some warning that you may not have switched to a
valid database while not crippling non-admin users.

A temporary solution for #6397.
@jsternberg
Copy link
Contributor

Closing this in favor of #4785 since they are duplicates. A hack has already been included to get around this right now, so now we just need to fix the underlying problem.

@8none1 8none1 mentioned this issue Mar 17, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@gunnaraasen @jsternberg @beckettsean @katiitak