Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-21378

Add a setParameter that will bypass auth metadata startup validation checks

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.0.0, 3.2.0-rc1
    • Fix Version/s: 3.2.9, 3.3.11
    • Component/s: Security
    • Labels:
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Completed:
    • Sprint:
      Security (08/08/16), Security 19 (08/29/16)

      Description

      During start up, mongod checks various properties of the auth metadata, and will exit if they fail. However, the checks are done even if auth is not enabled. This denies the user the ability to fix any problems by restarting the mongod without --auth, which is the usual way of dealing with auth metadata problems.

      The advice given in the log messages is to downgrade to 2.6 and run authSchemaUpgrade. However, this is not possible if the storage engine is something other than MMAPv1. (This means this problem is worse in 3.2 than 3.0, since the default engine is WT.) In this case, the user data becomes completely inaccessible with no workaround to access it.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              haikinh.hoang Kinh Hoang
              Reporter:
              kevin.pulo Kevin Pulo
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: