- Type: Task
- Resolution: Unresolved
- Priority: Major - P3
- None
- Affects Version/s: 2.6.4
- Component/s: Security
- Server Security
mongo started as non-root user with C/R mechanism enabled.
mongod -f /opt/users/mongodbx/configs/f0ata.conf --setParameter enableTestCommands=1

$ cat /opt/users/mongodbx/configs/f0ata.conf (snippet below)
net:
  bindIp: 1:2:3:4
  port: 29000
  ssl:
    mode: requireSSL
    PEMKeyFile: /opt/users/mongodbx/ssl/mongodb.pem
    CAFile: /opt/users/mongodbx/ssl/ca.pem
    weakCertificateValidation: true
    clusterFile: /opt/users/mongodbx/ssl/mongodb.pem
security:
  authorization: enabled
  clusterAuthMode: x509
User mongodbx connects using the shell without providing a user name and password, i.e. not authenticated.
mongo --host az2-labs-esx2-app3:29000 --ssl admin
MongoDB shell version: 2.6.4
connecting to: az2-labs-esx2-app3:29000/admin
rs_fata:PRIMARY> use anytoany
switched to db anytoany
rs_fata:PRIMARY> show collections
2014-12-02T14:19:02.317-0700 error: { "$err" : "not authorized for query on anytoany.system.namespaces", "code" : 13 } at src/mongo/shell/query.js:131 <= as expected.
rs_fata:PRIMARY> db.runCommand( { emptycapped: "event"} )
{ "ok" : 1 } <= Notice not authenticated !!
rs_fata:PRIMARY> show collections
2014-12-02T14:19:50.035-0700 error: { "$err" : "not authorized for query on anytoany.system.namespaces", "code" : 13 } at src/mongo/shell/query.js:131 <= expected though.
rs_fata:PRIMARY> use admin
switched to db admin
rs_fata:PRIMARY> db.auth("mongodba","********")
1
rs_fata:PRIMARY> use anytotany
switched to db anytotany
rs_fata:PRIMARY> db.event.count()
0 <= works as expected since user is authenticated.
Is this a bug or expected behaviour?
- has to be done after
  SERVER-29050 Create upgrade/downgrade mechanism for adding and removing ActionTypes
  - Backlog
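An added example, not part of the original report or of MongoDB's code: a small Python audit that flags the settings in the startup line and config above that relax access control (`enableTestCommands`, `net.ssl.weakCertificateValidation`), plus authorization not being enabled. The function names and the trimmed sample input are constructed for illustration, and the YAML reader assumes only simple nested `key: value` mappings.

```python
import shlex

# Constructed sample input, modelled on the startup line and config in the report.
SAMPLE_ARGV = "mongod -f /opt/users/mongodbx/configs/f0ata.conf --setParameter enableTestCommands=1"
SAMPLE_CONF = """\
net:
  bindIp: 1:2:3:4
  port: 29000
  ssl:
    mode: requireSSL
    weakCertificateValidation: true
security:
  authorization: enabled
  clusterAuthMode: x509
"""

def flatten_yaml(text):
    """Flatten nested 'key: value' YAML into {'a.b.c': 'value'} (no lists, no quoting)."""
    flat, stack = {}, []  # stack holds (indent, key) for mappings still open
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")  # first colon only: bindIp keeps its colons
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if value.strip():
            flat[".".join([k for _, k in stack] + [key.strip()])] = value.strip()
        else:
            stack.append((indent, key.strip()))
    return flat

def set_parameters(argv):
    """Collect '--setParameter name=value' pairs from a mongod command line."""
    args, params = shlex.split(argv), {}
    for i, arg in enumerate(args):
        if arg == "--setParameter" and i + 1 < len(args):
            name, _, value = args[i + 1].partition("=")
            params[name] = value
    return params

def audit(argv, conf_text):
    """Return one finding per setting that weakens access control."""
    conf, findings = flatten_yaml(conf_text), []
    params = {k.split(".", 1)[1]: v for k, v in conf.items() if k.startswith("setParameter.")}
    params.update(set_parameters(argv))  # the same parameter can be set in the file or on the CLI
    if params.get("enableTestCommands", "0").lower() in ("1", "true"):
        findings.append("enableTestCommands is on: internal test commands are exposed")
    if conf.get("net.ssl.weakCertificateValidation", "false").lower() == "true":
        findings.append("weakCertificateValidation is true: clients may connect without a certificate")
    if conf.get("security.authorization", "disabled").lower() != "enabled":
        findings.append("security.authorization is not enabled")
    return findings
```

Calling `audit(SAMPLE_ARGV, SAMPLE_CONF)` returns two findings for the configuration in this report; reading the real config file from the `-f` path is left to the caller.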