Skip to content

Comments

Add dbOwner role for _restore database to mongo-init.sh script#175

Open
anoppe wants to merge 1 commit intolinuxserver:mainfrom
anoppe:patch-2
Open

Add dbOwner role for _restore database to mongo-init.sh script#175
anoppe wants to merge 1 commit intolinuxserver:mainfrom
anoppe:patch-2

Conversation

@anoppe
Copy link

@anoppe anoppe commented Feb 16, 2026

  • I have read the contributing guideline and understand that I have made the correct modifications

Description:

When restoring an installation from backup, the unifi network application tries to drop the ${MONGODB_DBNAME}_restore database, which fails because the user used to authenticate with MonboDB doesn't have the permissions to do so.

Benefits of this PR and context:

By adding ownership to the ${MONGODB_DBNAME}_restore database, the restore-from-backup functionality should work.

How Has This Been Tested?

Unfortunately, I had do a fresh installation of the Unifi network application, and when trying to restore from backup, nothing happened.
The logs showed me that the application was unauthorized to drop the ${MONGODB_DBNAME}_restore database:

[2026-02-16T13:41:12,499Z] <webapi-3> ERROR db     - Unable to import database
com.mongodb.MongoCommandException: Command failed with error 13 (Unauthorized): 'not authorized on unifi_restore to execute command { dropDatabase: 1, $db: "unifi_restore", lsid: { id: UUID("31e790c4-22f3-42d1-94ae-db5a8dd862f2") } }' on server unifi-db:27017. The full response is {"ok": 0.0, "errmsg": "not authorized on unifi_restore to execute command { dropDatabase: 1, $db: \"unifi_restore\", lsid: { id: UUID(\"31e790c4-22f3-42d1-94ae-db5a8dd862f2\") } }", "code": 13, "codeName": "Unauthorized"}
        at com.mongodb.internal.connection.ProtocolHelper.getCommandFailureException(ProtocolHelper.java:205)
        at com.mongodb.internal.connection.InternalStreamConnection.receiveCommandMessageResponse(InternalStreamConnection.java:515)
        at com.mongodb.internal.connection.InternalStreamConnection.sendAndReceiveInternal(InternalStreamConnection.java:438)
        at com.mongodb.internal.connection.InternalStreamConnection.lambda$sendAndReceive$0(InternalStreamConnection.java:366)
        at com.mongodb.internal.connection.InternalStreamConnection.sendAndReceive(InternalStreamConnection.java:369)
        at com.mongodb.internal.connection.UsageTrackingInternalConnection.sendAndReceive(UsageTrackingInternalConnection.java:114)
        at com.mongodb.internal.connection.DefaultConnectionPool$PooledConnection.sendAndReceive(DefaultConnectionPool.java:743)
        at com.mongodb.internal.connection.CommandProtocolImpl.execute(CommandProtocolImpl.java:76)
        at com.mongodb.internal.connection.DefaultServer$DefaultServerProtocolExecutor.execute(DefaultServer.java:209)
        at com.mongodb.internal.connection.DefaultServerConnection.executeProtocol(DefaultServerConnection.java:115)
        at com.mongodb.internal.connection.DefaultServerConnection.command(DefaultServerConnection.java:83)
        at com.mongodb.internal.connection.DefaultServerConnection.command(DefaultServerConnection.java:74)
        at com.mongodb.internal.connection.DefaultServer$OperationCountTrackingConnection.command(DefaultServer.java:299)
        at com.mongodb.internal.operation.SyncOperationHelper.executeCommand(SyncOperationHelper.java:207)
        at com.mongodb.internal.operation.DropDatabaseOperation.lambda$execute$0(DropDatabaseOperation.java:65)
        at com.mongodb.internal.operation.SyncOperationHelper.withConnectionSource(SyncOperationHelper.java:160)
        at com.mongodb.internal.operation.SyncOperationHelper.withConnection(SyncOperationHelper.java:105)
        at com.mongodb.internal.operation.DropDatabaseOperation.execute(DropDatabaseOperation.java:64)
        at com.mongodb.internal.operation.DropDatabaseOperation.execute(DropDatabaseOperation.java:45)
        at com.mongodb.client.internal.MongoClientDelegate$DelegateOperationExecutor.execute(MongoClientDelegate.java:173)
        at com.mongodb.client.internal.MongoDatabaseImpl.executeDrop(MongoDatabaseImpl.java:211)
        at com.mongodb.client.internal.MongoDatabaseImpl.drop(MongoDatabaseImpl.java:201)
        at com.ubnt.service.system.vjkQiFI.KDAhaqZDGbqZ(Unknown Source)
        at com.ubnt.service.system.vjkQiFI.bWwgIOQmUuYLRTvbHC(Unknown Source)
        at com.ubnt.service.system.vjkQiFI.bskior(Unknown Source)
        at com.ubnt.service.system.vjkQiFI.KDAhaqZDGbqZ(Unknown Source)
        at com.ubnt.service.system.c.b.BKeAvbb.KDAhaqZDGbqZ(Unknown Source)
        at com.ubnt.service.system.c.b.BKeAvbb.KDAhaqZDGbqZ(Unknown Source)
        at com.ubnt.service.system.c.b.kAcSmtBQgHqJVXE.KDAhaqZDGbqZ(Unknown Source)
        at com.ubnt.service.system.c.b.kAcSmtBQgHqJVXE.KDAhaqZDGbqZ(Unknown Source)
        at com.ubnt.service.system.c.urbKkFPuEqsafVIUykG.bWwgIOQmUuYLRTvbHC(Unknown Source)
        at com.ubnt.service.system.c.urbKkFPuEqsafVIUykG.KDAhaqZDGbqZ(Unknown Source)
        at com.ubnt.service.system.e.a.FNqpDUHct.KDAhaqZDGbqZ(Unknown Source)
        at com.ubnt.ace.api.urbKkFPuEqsafVIUykG.KDAhaqZDGbqZ(Unknown Source)
        at com.ubnt.ace.api.quyuUdnLtTw.bskior(Unknown Source)
        at com.ubnt.ace.api.ApiServlet.service(Unknown Source)
        at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
        at com.ubnt.service.trace.h.wqGnjNIRjNio.doFilter(Unknown Source)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:362)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:278)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
        at com.ubnt.ace.view.AuthFilter.KDAhaqZDGbqZ(Unknown Source)
        at com.ubnt.ace.view.AuthFilter.doFilter(Unknown Source)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
        at com.ubnt.ace.view.UbiosHttpsFilter.doFilter(Unknown Source)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
        at org.apache.catalina.filters.CorsFilter.handleNonCORS(CorsFilter.java:332)
        at org.apache.catalina.filters.CorsFilter.doFilter(CorsFilter.java:159)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:165)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:88)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:113)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:83)
        at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:268)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:72)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:903)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1774)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:973)
        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:491)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
        at java.base/java.lang.Thread.run(Thread.java:840)
[2026-02-16T13:41:12,500Z] <webapi-3> ERROR db     - Failed to import config database during backup restore
[2026-02-16T13:41:12,562Z] <webapi-3> WARN  system - Failed to restore backup. Database may be corrupted.
...
[2026-02-16T13:41:12,559Z] <webapi-3> ERROR system - Failed to import backup. No changes were applied.
[2026-02-16T13:41:12,561Z] <webapi-3> ERROR system - Fail to restore

Source / References:

@anoppe
Add dbOwner role for _restore database to mongo-init.sh script
4f842a9 
When restoring an installation from backup, the unifi network application tries to drop the `${MONGODB_DBNAME}_restore` database, which fails because the user used to authenticate with MonboDB doesn't have the permissions to do so.
@LinuxServer-CI
Copy link
Contributor

LinuxServer-CI commented Feb 16, 2026

I am a bot, here is the pushed image/manifest for this PR:

ghcr.io/linuxserver/lspipepr-unifi-network-application:10.1.85-pkg-c229255f-dev-4f842a9edf76fb0c19f0f94993ed880c53ff3b2f-pr-175

@LucasCZE
Copy link

LucasCZE commented Feb 24, 2026

I confirm that this issue exists and the change in this PR resolves the issue. I just did a clean deployment and successfully restored from a backup. Tested with MongoDB 4.4.30 and UniFi Network Application 10.1.85.

However, there is one more issue. UniFi Network Application tries to check the status of MongoDB at startup and does not have permission to do so.

[2026-02-24T09:20:59,630+01:00] <launcher> ERROR mongo  - Could not determine Mongo journaling state
com.mongodb.MongoCommandException: Command failed with error 13 (Unauthorized): 'not authorized on admin to execute command { serverStatus: 1, $db: "admin", lsid: { id: UUID("c2649e9d-667a-4c4d-b376-5116a47c0b34") } }' on server 127.0.0.1:27017. The full response is {"ok": 0.0, "errmsg": "not authorized on admin to execute command { serverStatus: 1, $db: \"admin\", lsid: { id: UUID(\"c2649e9d-667a-4c4d-b376-5116a47c0b34\") } }", "code": 13, "codeName": "Unauthorized"}
	at com.mongodb.internal.connection.ProtocolHelper.getCommandFailureException(ProtocolHelper.java:205)
	at com.mongodb.internal.connection.InternalStreamConnection.receiveCommandMessageResponse(InternalStreamConnection.java:515)
	at com.mongodb.internal.connection.InternalStreamConnection.sendAndReceiveInternal(InternalStreamConnection.java:438)
	at com.mongodb.internal.connection.InternalStreamConnection.lambda$sendAndReceive$0(InternalStreamConnection.java:366)
	at com.mongodb.internal.connection.InternalStreamConnection.sendAndReceive(InternalStreamConnection.java:369)
	at com.mongodb.internal.connection.UsageTrackingInternalConnection.sendAndReceive(UsageTrackingInternalConnection.java:114)
	at com.mongodb.internal.connection.DefaultConnectionPool$PooledConnection.sendAndReceive(DefaultConnectionPool.java:743)
	at com.mongodb.internal.connection.CommandProtocolImpl.execute(CommandProtocolImpl.java:76)
	at com.mongodb.internal.connection.DefaultServer$DefaultServerProtocolExecutor.execute(DefaultServer.java:209)
	at com.mongodb.internal.connection.DefaultServerConnection.executeProtocol(DefaultServerConnection.java:115)
	at com.mongodb.internal.connection.DefaultServerConnection.command(DefaultServerConnection.java:83)
	at com.mongodb.internal.connection.DefaultServerConnection.command(DefaultServerConnection.java:74)
	at com.mongodb.internal.connection.DefaultServer$OperationCountTrackingConnection.command(DefaultServer.java:299)
	at com.mongodb.internal.operation.SyncOperationHelper.createReadCommandAndExecute(SyncOperationHelper.java:270)
	at com.mongodb.internal.operation.SyncOperationHelper.lambda$executeRetryableRead$3(SyncOperationHelper.java:188)
	at com.mongodb.internal.operation.SyncOperationHelper.lambda$withSourceAndConnection$0(SyncOperationHelper.java:124)
	at com.mongodb.internal.operation.SyncOperationHelper.withSuppliedResource(SyncOperationHelper.java:149)
	at com.mongodb.internal.operation.SyncOperationHelper.lambda$withSourceAndConnection$1(SyncOperationHelper.java:123)
	at com.mongodb.internal.operation.SyncOperationHelper.withSuppliedResource(SyncOperationHelper.java:149)
	at com.mongodb.internal.operation.SyncOperationHelper.withSourceAndConnection(SyncOperationHelper.java:122)
	at com.mongodb.internal.operation.SyncOperationHelper.lambda$executeRetryableRead$4(SyncOperationHelper.java:186)
	at com.mongodb.internal.operation.SyncOperationHelper.lambda$decorateReadWithRetries$12(SyncOperationHelper.java:289)
	at com.mongodb.internal.async.function.RetryingSyncSupplier.get(RetryingSyncSupplier.java:67)
	at com.mongodb.internal.operation.SyncOperationHelper.executeRetryableRead(SyncOperationHelper.java:191)
	at com.mongodb.internal.operation.SyncOperationHelper.executeRetryableRead(SyncOperationHelper.java:173)
	at com.mongodb.internal.operation.CommandReadOperation.execute(CommandReadOperation.java:48)
	at com.mongodb.client.internal.MongoClientDelegate$DelegateOperationExecutor.execute(MongoClientDelegate.java:153)
	at com.mongodb.client.internal.MongoDatabaseImpl.executeCommand(MongoDatabaseImpl.java:196)
	at com.mongodb.client.internal.MongoDatabaseImpl.runCommand(MongoDatabaseImpl.java:165)
	at com.mongodb.client.internal.MongoDatabaseImpl.runCommand(MongoDatabaseImpl.java:160)
	at com.mongodb.client.internal.MongoDatabaseImpl.runCommand(MongoDatabaseImpl.java:150)
	at com.ubnt.service.t.KXRsxOrTgd.NuASDHfEkby(Unknown Source)
	at com.ubnt.service.t.KXRsxOrTgd.JIalYIaHEXhyMHR(Unknown Source)
	at com.ubnt.service.t.KXRsxOrTgd.DadZDMpkYQpXvHJLusr(Unknown Source)
	at com.ubnt.service.t.KXRsxOrTgd.afterPropertiesSet(Unknown Source)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1873)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1822)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:607)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:529)
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:339)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:373)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:337)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.instantiateSingleton(DefaultListableBeanFactory.java:1228)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingleton(DefaultListableBeanFactory.java:1194)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:1130)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:990)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:627)
	at com.ubnt.service.ugvauSFKYnUJfPDdH.KDAhaqZDGbqZ(Unknown Source)
	at com.ubnt.service.kSOuWE.bskior(Unknown Source)
	at com.ubnt.net.rhWefHTjfsZBecxmCPY.ceqGgqDaqNcHreYuHTI(Unknown Source)
	at com.ubnt.net.rhWefHTjfsZBecxmCPY.bxAMRLyppt(Unknown Source)
	at com.ubnt.net.rhWefHTjfsZBecxmCPY.LEWCWfvHmtuLmI(Unknown Source)
	at com.ubnt.service.kSOuWE.bWwgIOQmUuYLRTvbHC(Unknown Source)
	at com.ubnt.ace.Launcher.startInCurrentProcess(Unknown Source)
	at com.ubnt.ace.Launcher.main(Unknown Source)

This issue can be easily fixed by adding another role. In my environment, I fixed it by adding the clusterMonitor role. So the resulting role array looks like this:

roles: [
  "clusterMonitor",
  { db: "${MONGO_DBNAME}", role: "dbOwner" },
  { db: "${MONGO_DBNAME}_stat", role: "dbOwner" },
  { db: "${MONGO_DBNAME}_audit", role: "dbOwner" },
  { db: "${MONGO_DBNAME}_restore", role: "dbOwner" }
]

It would be great to solve this issue as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

Issue & PR Tracker
Status: PRs

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@anoppe @LinuxServer-CI @LucasCZE