Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.2.4
Affects Version/s: 2.2.1
Component/s: Security
Labels:
None

Operating System:
ALL
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

On MongoD

Steps to reproduce:

Create a read-only user in any database:

> db.addUser('mod', 'pass', true)

Restart with mongod --auth.

> db.auth('mod','pass')
> db.system.users.find()
error: {
  "$err": "unauthorized db:test ns:test.system.users lock type:1 client:127.0.0.1",
  "code": 10057
}

On MongoS started --keyFile filename and members with --auth --keyFile filename

> db.auth('mod','pass')
> db.system.users.find()

{ "_id": ObjectId("509cea7b45f86c6fcc64b71c"), "user": "mod", "readOnly": true, "pwd": "aa387b99960161d09f7a38d57fd7a15a" }

Note that the mongoD is not part of the mongoS shard. And same occurs on localhost and connecting from a remote host in LAN.

related to

SERVER-4692 Read-only users should be denied access to system.users collection

Closed

SERVER-3198 Ability to restrict operations by role

Closed

Assignee:: Spencer Brody (Inactive)
Reporter:: Gianfranco Palumbo (Inactive)
Participants:: auto, Gianfranco Palumbo, Spencer Brody
Votes:: 0 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: Nov 09 2012 04:34:53 PM UTC
Updated:: Jul 11 2016 05:57:15 PM UTC
Resolved:: Feb 27 2013 06:22:38 PM UTC

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates