Details
-
Task
-
Resolution: Unresolved
-
Major - P3
-
None
-
2.6.4
-
Server Security
Description
mongo started as non-root user with C/R mechanism enabled .
mongod -f /opt/users/mongodbx/configs/f0ata.conf --setParameter enableTestCommands=1
|
$ cat /opt/users/mongodbx/configs/f0ata.conf (snippet below)
|
net:
|
bindIp: 1:2:3:4
|
port: 29000
|
ssl:
|
mode: requireSSL
|
PEMKeyFile: /opt/users/mongodbx/ssl/mongodb.pem
|
CAFile: /opt/users/mongodbx/ssl/ca.pem
|
weakCertificateValidation: true
|
clusterFile: /opt/users/mongodbx/ssl/mongodb.pem
|
security:
|
authorization: enabled
|
clusterAuthMode: x509
|
user mongodbx connects using shell without providing user name and password i.e. not authenticated.
mongo --host az2-labs-esx2-app3:29000 --ssl admin
|
MongoDB shell version: 2.6.4
|
connecting to: az2-labs-esx2-app3:29000/admin
|
rs_fata:PRIMARY> use anytoany
|
switched to db anytoany
|
rs_fata:PRIMARY> show collections
|
2014-12-02T14:19:02.317-0700 error: {
|
"$err" : "not authorized for query on anytoany.system.namespaces",
|
"code" : 13
|
} at src/mongo/shell/query.js:131 <= as expected.
|
rs_fata:PRIMARY> db.runCommand( { emptycapped: "event"} )
|
{ "ok" : 1 } <= Notice not authenticated !!
|
rs_fata:PRIMARY> show collections
|
2014-12-02T14:19:50.035-0700 error: {
|
"$err" : "not authorized for query on anytoany.system.namespaces",
|
"code" : 13
|
} at src/mongo/shell/query.js:131 <= expected though.
|
|
|
rs_fata:PRIMARY> use admin
|
switched to db admin
|
rs_fata:PRIMARY> db.auth("mongodba","********")
|
1
|
rs_fata:PRIMARY> use anytotany
|
switched to db anytotany
|
rs_fata:PRIMARY> db.event.count()
|
0 <= works as expected since user is authenticated.
|
Is this a bug or expected behaviour ?
Attachments
Issue Links
- has to be done after
-
SERVER-29050 Create upgrade/downgrade mechanism for adding and removing ActionTypes
-
- Backlog
-