[SERVER-14028] mongodb-10gen debian packages do not check correctly whether the mongodb user exists Created: 22/May/14 Updated: 10/Dec/14 Resolved: 22/May/14 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Packaging |
| Affects Version/s: | 2.4.9 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Matthias Witte [X] | Assignee: | Ernie Hershey |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Operating System: | Linux | ||||||||
| Steps To Reproduce: | 1. Before any mongodb software is installed create a dummy user with arbitrary name and GECOS field "mongodb backup user" Bonus: 1. Install the mongodb mms agent before mongodb-10gen |
||||||||
| Participants: | |||||||||
| Description |
|
The mongodb-10gen.postinst script in the mongodb-10gen debian/package package contains an insufficient check whether the user "mongodb" exists. From the mongodb-10gen.postinst file
This is insufficient for the following reasons: 1. The grep matches 'mongodb' anywhere in the passwd file instead of looking for an exact match in the password field. |
| Comments |
| Comment by Ernie Hershey [ 22/May/14 ] |
|
This was fixed as part of It should be fixed in version 2.5.3 and later. |