Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-12621

Reduce localhost exception permissions

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • 2.5.5
    • 2.7.1
    • Security
    • Fully Compatible

    Description

      Currently the localhost exception gives full privileges to all operations and commands. The purpose is only to create the first admin DB user.

      Hence it would make sense to limit the localhost exception exposure to give the createUser action type on the admin DB, or possibly the UserAdmin role id that is preferable from an implementation perspective.

      Attachments

        Issue Links

          has to be done before

          Task - A task that needs to be done. DOCS-3310 Update Localhost Exception Documentation

          • Major - P3 - Major loss of function.
          • Closed
          is depended on by

          Task - A task that needs to be done. DRIVERS-162 Work around reduction of localhost exception permissions in MongoDB >= 2.7.1

          • Major - P3 - Major loss of function.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-11126 addUser does not work on mongos without shards

          • Major - P3 - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SERVER-11816 In sharded system with no shards, cannot run commands against dbs other than "config" and "admin"

          • Minor - P4 - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. JAVA-1528 Work around localhost exception issues in addUser helpers

          • Major - P3 - Major loss of function.
          • Closed
          related to

          Task - A task that needs to be done. DRIVERS-169 Work around localhost exception issues in addUser helpers

          • Major - P3 - Major loss of function.
          • Closed

          Task - A task that needs to be done. RUBY-782 Change add_user helper command to work with narrowed localhost exception.

          • Major - P3 - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-13698 Add roles and privileges to connectionStatus output

          • Major - P3 - Major loss of function.
          • Closed

          Activity

            People

              amalia.hawkins@10gen.com Amalia Hawkins
              andreas.nilsson Andreas Nilsson
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: