[SERVER-14028] mongodb-10gen debian packages do not check correctly whether the mongodb user exists Created: 22/May/14  Updated: 10/Dec/14  Resolved: 22/May/14

Status: Closed
Project: Core Server
Component/s: Packaging
Affects Version/s: 2.4.9
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Matthias Witte [X] Assignee: Ernie Hershey
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-7883 debian install fails if mongodb user ... Closed
Backwards Compatibility: Fully Compatible
Operating System: Linux
Steps To Reproduce:

1. Before any mongodb software is installed create a dummy user with arbitrary name and GECOS field "mongodb backup user"
2. Then install the mongodb-10gen debian/ubuntu package

Bonus:

1. Install the mongodb mms agent before mongodb-10gen
2. Install mongodb-10gen

Participants:

 Description   

The mongodb-10gen.postinst script in the mongodb-10gen debian/package package contains an insufficient check whether the user "mongodb" exists.

From the mongodb-10gen.postinst file
[...]

  1. create a mongodb group and user
    if ! grep -q mongodb /etc/passwd; then
    adduser --system --no-create-home mongodb
    addgroup --system mongodb
    adduser mongodb mongodb
    fi
    [...]

This is insufficient for the following reasons:

1. The grep matches 'mongodb' anywhere in the passwd file instead of looking for an exact match in the password field.
2. The passwd is not the only place where UNIX user accounts exist, use any nss module (nss-ldap, ...) and the postinst will never notice. The proper way to check is using 'getent passwd mongodb' (grep for passwd in any /var/lib/dpkg/info/*.postinst file and look what everybody else does).



 Comments   
Comment by Ernie Hershey [ 22/May/14 ]

This was fixed as part of SERVER-7883 in these commits:
https://github.com/mongodb/mongo/commit/732c43fd8786fed550b033f47372a9225f9d047c
https://github.com/mongodb/mongo/commit/e0af66d3ac4da46a4c2946a3d4056315cfb6653a

It should be fixed in version 2.5.3 and later.

Generated at Thu Feb 08 03:33:37 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.