Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-14028

mongodb-10gen debian packages do not check correctly whether the mongodb user exists

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Duplicate
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 2.4.9
    • Component/s: Packaging
    • Labels:
      None
    • Fully Compatible
    • Linux
    • Hide

      1. Before any mongodb software is installed create a dummy user with arbitrary name and GECOS field "mongodb backup user"
      2. Then install the mongodb-10gen debian/ubuntu package

      Bonus:

      1. Install the mongodb mms agent before mongodb-10gen
      2. Install mongodb-10gen

      Show
      1. Before any mongodb software is installed create a dummy user with arbitrary name and GECOS field "mongodb backup user" 2. Then install the mongodb-10gen debian/ubuntu package Bonus: 1. Install the mongodb mms agent before mongodb-10gen 2. Install mongodb-10gen

      The mongodb-10gen.postinst script in the mongodb-10gen debian/package package contains an insufficient check whether the user "mongodb" exists.

      From the mongodb-10gen.postinst file
      [...]

      1. create a mongodb group and user
        if ! grep -q mongodb /etc/passwd; then
        adduser --system --no-create-home mongodb
        addgroup --system mongodb
        adduser mongodb mongodb
        fi
        [...]

      This is insufficient for the following reasons:

      1. The grep matches 'mongodb' anywhere in the passwd file instead of looking for an exact match in the password field.
      2. The passwd is not the only place where UNIX user accounts exist, use any nss module (nss-ldap, ...) and the postinst will never notice. The proper way to check is using 'getent passwd mongodb' (grep for passwd in any /var/lib/dpkg/info/*.postinst file and look what everybody else does).

            Assignee:
            ernie.hershey@mongodb.com Ernie Hershey (Inactive)
            Reporter:
            Matthias Witte Matthias Witte [X]
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: