[SERVER-1227] Make installService grant the "Login as a Service" right if necessary to the user that is running the service Created: 12/Jun/10  Updated: 10/May/18  Resolved: 10/May/18

Status: Closed
Project: Core Server
Component/s: Admin, Tools, Usability
Affects Version/s: 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.5.0, 1.5.1, 1.5.2
Fix Version/s: None

Type: Improvement Priority: Minor - P4
Reporter: Justin Dearing Assignee: DO NOT USE - Backlog - Platform Team
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Windows only


Participants:

 Description   

Making this part of 1225 a separate subtask.



 Comments   
Comment by Mira Carey [ 10/May/18 ]

Given the length of time this ticket has been open without resolution (and because we offer msi's on windows), closing as wontfix

Comment by Tad Marshall [ 16/Jan/12 ]

Some thoughts ...

1) This seems a little bit questionable to me, just because it mixes changes to user permissions with the logically distinct operation of setting up the MongoDB service. From a separation of functions standpoint, it seems like maybe it would be better to ask the user (who needs Administrator privileges anyway) to configure the user account themselves using the standard Windows tools to be usable as a service account.

2) Longer term, we would like to provide an MSI package for the MongoDB server on Windows, and the MSI package would take over responsibility for configuring MongoDB as a service. This would make much of the code in ntservice.cpp redundant, and the code would likely be removed once the MSI package became the mechanism for setting up the service.

I'm not really against making this change, but I wanted to post my concerns.

Comment by Justin Dearing [ 16/Dec/10 ]

I finally figured out the Win32 API call to make this happen: LsaAddAccountRights() http://msdn.microsoft.com/en-us/library/ms721786(v=vs.85).aspx

Figured it out by looking at the source code of the user management far plugin:
http://code.google.com/p/evil-programmers/source/browse/trunk/UserManager/src/um_adds.cpp?r=311

Comment by Justin Dearing [ 09/Oct/10 ]

My github branch with WIP. Currently does't work.

Comment by Justin Dearing [ 09/Oct/10 ]

I was working on a blog article about how to securely setup mongod as a service when I realized there is no easy way to do this from the command line, or powershell prompt. Makes it doubly important that this gets done.

http://serverfault.com/questions/188383/looking-to-as-the-log-on-as-a-service-right-to-an-account-via-the-command-line/188410#188410

Generated at Thu Feb 08 02:56:26 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.