Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.7.1
Affects Version/s: 2.5.5
Component/s: Security
Labels:
- 26qa

Backwards Compatibility:
Fully Compatible

Currently the localhost exception gives full privileges to all operations and commands. The purpose is only to create the first admin DB user.

Hence it would make sense to limit the localhost exception exposure to give the createUser action type on the admin DB, or possibly the UserAdmin role id that is preferable from an implementation perspective.

has to be done before

DOCS-3310 Update Localhost Exception Documentation

Closed

is depended on by

DRIVERS-162 Work around reduction of localhost exception permissions in MongoDB >= 2.7.1

Closed

is related to

SERVER-11126 addUser does not work on mongos without shards

Closed

SERVER-11816 In sharded system with no shards, cannot run commands against dbs other than "config" and "admin"

Closed

JAVA-1528 Work around localhost exception issues in addUser helpers

Closed

related to

DRIVERS-169 Work around localhost exception issues in addUser helpers

Closed

RUBY-782 Change add_user helper command to work with narrowed localhost exception.

Closed

SERVER-13698 Add roles and privileges to connectionStatus output

Closed

(3 related to)

Assignee:: Amalia Hawkins

Reporter:: Andreas Nilsson

Participants:: Amalia Hawkins, Andreas Nilsson, Githook User, Spencer Brody

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: Feb 05 2014 03:27:27 PM UTC

Updated:: Oct 27 2015 02:38:18 PM UTC

Resolved:: May 23 2014 03:22:55 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates