Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-10794

For compatibility with old versions of the shell, db.addUser("user", "password") should create a super-user.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 2.5.2
    • Fix Version/s: 2.5.3
    • Component/s: Security, Shell
    • Labels:
      None
    • Backwards Compatibility:
      Minor Change
    • Operating System:
      ALL

      Description

      On databases other than "admin", db.addUser("user", "password") will be equivalent to

      db.addUser({user: "user", pwd: "password", roles: ["dbOwner"]})

      . The dbOwner builtin database role will be the union of the "dbAdmin", "readWrite" and "userAdmin" roles.

      On databases other than "admin", db.addUser("user", "password", true) will be equivalent to

      db.addUser({user: "user", pwd: "password", roles: ["read"]})

      . The read builtin database role will be the same as existed in MongoDB 2.4 and prior.

      On the "admin" database, db.addUser("user", "password") will be equivalent to

      db.addUser({user: "user", pwd: "password", roles: ["root"]})

      . The root builtin admin role will have extensive access, as in MongoDB 2.4.

      On the "admin" database, db.addUser("user", "password", true) will be equivalent to

      db.addUser({user: "user", pwd: "password", roles: ["readAnyDatabase"]})

      . The readAnyDatabase role will have read access to any database. This is a reduction in privilege compared to MongoDB 2.4, which may be remediated through the use of user-defined roles.

      Any use of these 2- and 3-argument forms of db.addUser() will cause the shell to display a warning message to the user, and may cause the server to write a warning message to the startupWarnings log and perhaps the diagnostic log, indicating that this form is deprecated, and will be removed in a future release of MongoDB.

      There will be no db.addUser("user", "password", [roles]) form of the addUser command in 2.6.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              spencer Spencer Brody (Inactive)
              Reporter:
              schwerin Andy Schwerin
              Participants:
              Votes:
              1 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: