Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-3048

shutdown command should require admin username/password when auth is on

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Duplicate
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Affects Version/s: 1.8.1
    • Component/s: Admin
    • Labels:
    • ALL

      To reproduce run mongod with --auth and open a fresh copy of the mongo shell and then:

      > use admin
      switched to db admin
      > db.admin.find()
      error: {
      "$err" : "unauthorized db:admin lock type:-1 client:127.0.0.1",
      "code" : 10057
      }
      > db.admin.runCommand("shutdown")
      Thu May 05 11:57:01 DBClientCursor::init call() failed
      Thu May 05 11:57:01 query failed : admin.$cmd

      { shutdown: "admin" }

      to: 127.0.0.1
      Thu May 05 11:57:01 Error: error doing query: failed shell/collection.js:150
      Thu May 05 11:57:01 trying reconnect to 127.0.0.1
      Thu May 05 11:57:02 reconnect 127.0.0.1 failed couldn't connect to server 127.0.0.1
      >

      The shutdown command should have failed with the same error as the find.

            Assignee:
            brandon Brandon Diamond
            Reporter:
            robert@mongodb.com Robert Stam
            Votes:
            5 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: