Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-3048

shutdown command should require admin username/password when auth is on

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor - P4
    • Resolution: Duplicate
    • Affects Version/s: 1.8.1
    • Fix Version/s: None
    • Component/s: Admin
    • Labels:
    • Operating System:
      ALL

      Description

      To reproduce run mongod with --auth and open a fresh copy of the mongo shell and then:

      > use admin
      switched to db admin
      > db.admin.find()
      error: {
      "$err" : "unauthorized db:admin lock type:-1 client:127.0.0.1",
      "code" : 10057
      }
      > db.admin.runCommand("shutdown")
      Thu May 05 11:57:01 DBClientCursor::init call() failed
      Thu May 05 11:57:01 query failed : admin.$cmd

      { shutdown: "admin" }

      to: 127.0.0.1
      Thu May 05 11:57:01 Error: error doing query: failed shell/collection.js:150
      Thu May 05 11:57:01 trying reconnect to 127.0.0.1
      Thu May 05 11:57:02 reconnect 127.0.0.1 failed couldn't connect to server 127.0.0.1
      >

      The shutdown command should have failed with the same error as the find.

        Attachments

          Activity

            People

            • Votes:
              5 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: