[SERVER-1227] Make installService grant the "Login as a Service" right if necessary to the user that is running the service Created: 12/Jun/10 Updated: 10/May/18 Resolved: 10/May/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Admin, Tools, Usability |
| Affects Version/s: | 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.5.0, 1.5.1, 1.5.2 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Minor - P4 |
| Reporter: | Justin Dearing | Assignee: | DO NOT USE - Backlog - Platform Team |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Windows only |
||
| Participants: |
| Description |
|
Making this part of 1225 a separate subtask. |
| Comments |
| Comment by Mira Carey [ 10/May/18 ] |
|
Given the length of time this ticket has been open without resolution (and because we offer msi's on windows), closing as wontfix |
| Comment by Tad Marshall [ 16/Jan/12 ] |
|
Some thoughts ... 1) This seems a little bit questionable to me, just because it mixes changes to user permissions with the logically distinct operation of setting up the MongoDB service. From a separation of functions standpoint, it seems like maybe it would be better to ask the user (who needs Administrator privileges anyway) to configure the user account themselves using the standard Windows tools to be usable as a service account. 2) Longer term, we would like to provide an MSI package for the MongoDB server on Windows, and the MSI package would take over responsibility for configuring MongoDB as a service. This would make much of the code in ntservice.cpp redundant, and the code would likely be removed once the MSI package became the mechanism for setting up the service. I'm not really against making this change, but I wanted to post my concerns. |
| Comment by Justin Dearing [ 16/Dec/10 ] |
|
I finally figured out the Win32 API call to make this happen: LsaAddAccountRights() http://msdn.microsoft.com/en-us/library/ms721786(v=vs.85).aspx Figured it out by looking at the source code of the user management far plugin: |
| Comment by Justin Dearing [ 09/Oct/10 ] |
|
My github branch with WIP. Currently does't work. |
| Comment by Justin Dearing [ 09/Oct/10 ] |
|
I was working on a blog article about how to securely setup mongod as a service when I realized there is no easy way to do this from the command line, or powershell prompt. Makes it doubly important that this gets done. |