[BUG] Backup restore fails with external MongoDB because user lacks permissions on <dbname>_restore #180

@icsboyx

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Description

When deploying lscr.io/linuxserver/unifi-network-application with an
external MongoDB, the restore wizard executed immediately after
the first startup can fail due to missing database permissions.

The controller starts correctly and connects to MongoDB without any
issue.
However, when using the initial setup wizard to restore a .unf backup,
the process fails silently and the UI returns to the setup screen.

Inspecting the logs shows the actual error:

Failed to import backup. No changes were applied.
not authorized on unifi_restore to execute command { dropDatabase: 1, $db: "unifi_restore" }

The restore process internally creates a temporary database named:

<dbname>_restore

The example init-mongo.sh script provided in the documentation grants
permissions only to:

<dbname>
<dbname>_stat
<dbname>_audit

but does not grant permissions on <dbname>_restore, which causes
the restore wizard to fail.

This issue appears specifically when restoring a backup via the wizard
immediately after the first controller startup.


Current example (missing permission)

The documented MongoDB user creation example:

db.createUser({
  user: "${MONGO_USER}",
  pwd: "${MONGO_PASS}",
  roles: [
    { db: "${MONGO_DBNAME}", role: "dbOwner" },
    { db: "${MONGO_DBNAME}_stat", role: "dbOwner" },
    { db: "${MONGO_DBNAME}_audit", role: "dbOwner" }
  ]
})

Required fix

Adding permissions for <dbname>_restore resolves the problem.
(solved my issue)
Modified example:

db.createUser({
  user: "${MONGO_USER}",
  pwd: "${MONGO_PASS}",
  roles: [
    { db: "${MONGO_DBNAME}", role: "dbOwner" },
    { db: "${MONGO_DBNAME}_stat", role: "dbOwner" },
    { db: "${MONGO_DBNAME}_audit", role: "dbOwner" },
    { db: "${MONGO_DBNAME}_restore", role: "dbOwner" }
  ]
})

After adding this role, the restore wizard works correctly during the
initial setup.


Environment

Image: lscr.io/linuxserver/unifi-network-application
Observed version: 10.1.85-ls120
MongoDB: mongo:7.0
Backup source: UniFi Network 8.0.24
Deployment: Docker Compose with external MongoDB container


Suggestion

It would be helpful if the Mongo initialization example in the
documentation included permissions for:

${MONGO_DBNAME}_restore

since the restore wizard depends on it and fails otherwise.

Expected Behavior

No response

Steps To Reproduce

  1. Deploy lscr.io/linuxserver/unifi-network-application using an external MongoDB container (for example mongo:7.0) with the documented init-mongo.sh.

  2. Start the stack and open the UniFi Network web UI for the first time.

  3. During the initial setup wizard, choose Restore from backup.

  4. Upload a valid .unf backup file (example: from UniFi Network 8.0.24).

  5. Confirm the restore.

  6. The controller restarts but the restore fails and the UI returns to the initial setup screen.

  7. Logs show the real cause:

docker exec -it unifi-network-application bash
cd /config/logs
tail -n 200 server.log
tail -n 200 migration.log

Environment

- OS: Arch Rolling (Linux srv01 6.16.8-zen3-1-zen #1 ZEN SMP PREEMPT_DYNAMIC Mon, 22 Sep 2025 22:08:18 +0000 x86_64 GNU/Linux)
- How docker service was installed: Docker version 28.4.0, build d8eb465f86

CPU architecture

x86-64

Docker creation

### Command used to create docker container

Docker Compose deployment.


---
services:
  unifi-network-application:
    image: lscr.io/linuxserver/unifi-network-application:latest
    container_name: unifi-network-application
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Rome
      - MEM_LIMIT=1024 #optional
      - MEM_STARTUP=1024 #optional
      - MONGO_USER=<APP_MONGO_USER>
      - MONGO_PASS=<APP_MONGO_PASSWORD>
      - MONGO_HOST=unifi-db
      - MONGO_PORT=27017
      - MONGO_DBNAME=<APP_MONGO_DBNAME>
      - MONGO_AUTHSOURCE=admin
    #      - MONGO_TLS= #optional
    volumes:
      - ./config:/config
    depends_on:
      - unifi-db
    networks:
      vlan11:
        ipv4_address: 192.168.1.252
      dbnet: {}
    restart: unless-stopped

  unifi-db:
    image: docker.io/mongo:7.0
    container_name: unifi-db
    environment:
      - MONGO_INITDB_ROOT_USERNAME=<MONGO_ROOT_USER>
      - MONGO_INITDB_ROOT_PASSWORD=<MONGO_ROOT_PASSWORD>
      - MONGO_USER=<APP_MONGO_USER>
      - MONGO_PASS=<APP_MONGO_PASSWORD>
      - MONGO_DBNAME=<APP_MONGO_DBNAME>
      - MONGO_AUTHSOURCE=admin
    volumes:
      - ./mongo:/data/db
      - ./init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh:ro
    networks:
      - dbnet
    restart: unless-stopped

networks:
  vlan11:
    external: true
  dbnet:
    external: false

Container logs

INFO  migration - Starting database restore process
INFO  system - Importing backup file
INFO  db - Creating temporary restore database

ERROR db - Unable to import database
com.mongodb.MongoCommandException: Command failed with error 13 (Unauthorized):
'not authorized on unifi_restore to execute command { dropDatabase: 1, $db: "unifi_restore" }'

ERROR db - Failed to import config database during backup restore
ERROR system - Failed to import backup. No changes were applied.
ERROR system - Fail to restore

INFO  system - Restarting controller after restore attempt
INFO  system - Controller startup initiated
INFO  startup - UniFi Network Application starting
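
An added example, not part of the original issue or the linuxserver project's code: a Node.js check that compares a createUser roles array with the databases the issue says the controller uses, and extracts the denied database from error 13 log lines, so the grant can stay scoped to named databases rather than being widened to a cluster-wide role. The database name unifi, the user name unifi_app and the function names are assumptions; the sample log text is copied from the error quoted above.

```javascript
// Added example; function names, "unifi" and "unifi_app" are assumptions.
// Suffixes come from the issue: base db plus _stat, _audit and _restore.
const REQUIRED_SUFFIXES = ["", "_stat", "_audit", "_restore"];

function requiredDatabases(dbname) {
  return REQUIRED_SUFFIXES.map((suffix) => dbname + suffix);
}

// Databases from the required set that the roles array gives no dbOwner on.
function missingRoles(dbname, roles) {
  const owned = new Set(
    roles.filter((r) => r.role === "dbOwner").map((r) => r.db)
  );
  return requiredDatabases(dbname).filter((db) => !owned.has(db));
}

// Extract unique (db, command) pairs from "not authorized" (error 13) lines.
function unauthorizedEvents(logText) {
  const re = /not authorized on (\S+) to execute command \{\s*(\w+):/g;
  const seen = new Map();
  for (const m of logText.matchAll(re)) {
    seen.set(`${m[1]}:${m[2]}`, { db: m[1], command: m[2] });
  }
  return [...seen.values()];
}

// mongosh statement granting dbOwner on the named databases only.
// Run against "admin" because the compose file sets MONGO_AUTHSOURCE=admin.
function grantStatement(user, dbs) {
  const roles = dbs.map((db) => ({ role: "dbOwner", db }));
  return `db.getSiblingDB("admin").grantRolesToUser(` +
    `${JSON.stringify(user)}, ${JSON.stringify(roles)})`;
}

// Roles as documented in the issue, with MONGO_DBNAME=unifi (constructed).
const DOCUMENTED_ROLES = [
  { db: "unifi", role: "dbOwner" },
  { db: "unifi_stat", role: "dbOwner" },
  { db: "unifi_audit", role: "dbOwner" },
];
// Sample log text, copied from the error quoted in the issue.
const SAMPLE_LOG = `ERROR db - Unable to import database
com.mongodb.MongoCommandException: Command failed with error 13 (Unauthorized):
'not authorized on unifi_restore to execute command { dropDatabase: 1, $db: "unifi_restore" }'`;

const missing = missingRoles("unifi", DOCUMENTED_ROLES);
console.log(unauthorizedEvents(SAMPLE_LOG), missing);
console.log(grantStatement("unifi_app", missing));
```

The printed statement is meant to be pasted into mongosh as the root user on an already initialized instance, since scripts in /docker-entrypoint-initdb.d only run when the data directory is empty.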
