Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.7.1
Affects Version/s: 2.5.5
Component/s: Security
Labels:
- 26qa

Backwards Compatibility:
Fully Compatible
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

Currently the localhost exception gives full privileges to all operations and commands. The purpose is only to create the first admin DB user.

Hence it would make sense to limit the localhost exception exposure to give the createUser action type on the admin DB, or possibly the UserAdmin role id that is preferable from an implementation perspective.

is depended on by

DRIVERS-162 Work around reduction of localhost exception permissions in MongoDB >= 2.7.1

Closed

is related to

SERVER-11126 addUser does not work on mongos without shards

Closed

SERVER-11816 In sharded system with no shards, cannot run commands against dbs other than "config" and "admin"

Closed

JAVA-1528 Work around localhost exception issues in addUser helpers

Closed

related to

DRIVERS-169 Work around localhost exception issues in addUser helpers

Closed

RUBY-782 Change add_user helper command to work with narrowed localhost exception.

Closed

SERVER-13698 Add roles and privileges to connectionStatus output

Closed

(2 related to)

Assignee:: Amalia Hawkins (Inactive)
Reporter:: Andreas Nilsson (Inactive)
Participants:: Amalia Hawkins, Andreas Nilsson, Githook User, Spencer Brody
Votes:: 0 Vote for this issue
Watchers:: 8 Start watching this issue

Created:: Feb 05 2014 03:27:27 PM UTC
Updated:: Oct 27 2015 02:38:18 PM UTC
Resolved:: May 23 2014 03:22:55 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates