[SERVER-16425] Remove action type for emptycapped command
Created: 05/Dec/14  Updated: 06/Dec/22

| Status: | Backlog |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.6.4 |
| Fix Version/s: | None |
| Type: | Task |
| Priority: | Major - P3 |
| Reporter: | Dharmaraj Narayan |
| Assignee: | Backlog - Security Team |
| Resolution: | Unresolved |
| Votes: | 0 |
| Labels: | platforms-re-triaged |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Assigned Teams: | Server Security |
| Participants: | |
Description

mongo started as a non-root user with the C/R mechanism enabled. User mongodbx connects using the shell without providing a user name and password, i.e. not authenticated. Is this a bug or expected behaviour?
Comments
Comment by Spencer Jackson [03/May/17]

I did some investigation into how straightforward it is to remove an ActionType. It looks like any privileges containing the unrecognized ActionType will not be deserialized from role documents. This means custom roles with privileges granting 'emptycapped' together with other ActionTypes would stop working. I filed SERVER-29050 to track the work which would be needed to implement the prerequisite upgrade/downgrade. I'm moving this ticket onto the backlog, at least until SERVER-29050 is resolved.
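The comment above notes that a privilege containing an unrecognized ActionType fails to deserialize as a whole, so any other actions granted in the same privilege are lost with it. The following added example (not code from the ticket or from MongoDB) audits role documents in the shape returned by `db.getRoles({showPrivileges: true})` for privileges that grant a given action and lists the co-granted actions that would be affected; the role documents below are constructed sample data, and the role names and collections in them are invented.

```javascript
// Constructed sample: two custom roles in the admin database, in the shape that
// db.getRoles({showPrivileges: true}) returns. "capOps" grants emptycapped in a
// privilege that also grants find, "reader" grants find only.
const SAMPLE_ROLES = [
  {
    role: "capOps", db: "admin",
    privileges: [
      { resource: { db: "app", collection: "events" }, actions: ["emptycapped", "find"] },
      { resource: { db: "app", collection: "" }, actions: ["insert"] },
    ],
    roles: [],
  },
  {
    role: "reader", db: "admin",
    privileges: [{ resource: { db: "app", collection: "" }, actions: ["find"] }],
    roles: [],
  },
];

// Return one entry per privilege that grants `action`, with the role it belongs
// to, the resource it applies to, and the other actions in the same privilege.
// Per the comment above, the whole privilege is dropped if `action` becomes an
// unrecognized ActionType, so `alsoGranted` is what would silently disappear.
function findPrivilegesWithAction(roles, action) {
  const hits = [];
  for (const r of roles) {
    for (const p of r.privileges || []) {
      if (Array.isArray(p.actions) && p.actions.includes(action)) {
        hits.push({
          role: `${r.db}.${r.role}`,
          resource: p.resource,
          alsoGranted: p.actions.filter((a) => a !== action),
        });
      }
    }
  }
  return hits;
}

// In a mongo shell the live role list would be passed instead of the sample:
//   findPrivilegesWithAction(db.getSiblingDB("admin").getRoles({ showPrivileges: true }), "emptycapped")
```

Roles reported with a non-empty `alsoGranted` list are the ones to rewrite so that the remaining actions sit in a separate privilege before the ActionType is removed.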
Comment by Andreas Nilsson [10/Dec/14]

Yes, the action type will be removed and the functionality retained. Unfortunately it's not as trivial as it sounds, since we need to make sure new versions are backwards compatible with user-defined and built-in roles containing this privilege. That is, ignore it in an appropriate fashion.
Comment by Andreas Nilsson [09/Dec/14]

DN, the reason emptycapped is a test command is that we haven't identified any strong client need to use it in a production environment. Dropping a collection and recreating it should have the same desired outcome. I converted this ticket to removing the action type for emptycapped. Thank you,
Comment by Andreas Nilsson [05/Dec/14]

I agree that there should be no assignable privilege for a test command; that is an oversight and should be fixed. As for making emptycapped a non-test command, I will circle back with my colleagues and investigate the original rationale for making it for testing only. (cc spencer) Thank you,
Comment by Dharmaraj Narayan [05/Dec/14]

Andreas, also there seems to be no other way to empty a capped collection other than with "--setParameter enableTestCommands=1" on the command line. It seems like if the feature was made to work with the privilege in place and a programmatic runtime setting, it would better fulfil a need. Thank you.
Comment by Andreas Nilsson [05/Dec/14]

Hi, thanks for reporting this; it does look odd at first sight. However, emptycapped is a test command and thus does not require authentication. It is enabled with the mongod flag "enableTestCommands=1".