[SERVER-21378] Add a setParameter that will bypass auth metadata startup validation checks Created: 10/Nov/15  Updated: 06/Aug/18  Resolved: 04/Aug/16

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.0.0, 3.2.0-rc1
Fix Version/s: 3.2.9, 3.3.11

Type: Bug Priority: Major - P3
Reporter: Kevin Pulo Assignee: Kinh Hoang
Resolution: Done Votes: 0
Labels: code-only
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
is documented by DOCS-8951 Add a setParameter that will bypass a... Closed
Related
related to SERVER-25407 Potentially remove checkAdminDatabase() Closed
is related to SERVER-36426 Repair should reinitialize the admin ... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Completed:
Sprint: Security (08/08/16), Security 19 (08/29/16)
Participants:

 Description   

During start up, mongod checks various properties of the auth metadata, and will exit if they fail. However, the checks are done even if auth is not enabled. This denies the user the ability to fix any problems by restarting the mongod without --auth, which is the usual way of dealing with auth metadata problems.

The advice given in the log messages is to downgrade to 2.6 and run authSchemaUpgrade. However, this is not possible if the storage engine is something other than MMAPv1. (This means this problem is worse in 3.2 than 3.0, since the default engine is WT.) In this case, the user data becomes completely inaccessible with no workaround to access it.



 Comments   
Comment by Githook User [ 08/Aug/16 ]

Author:

{u'name': u'Hai-Kinh Hoang', u'email': u'haikinh.hoang@mongodb.com'}

Message: SERVER-21378 add setParameter startupAuthSchemaValidation used to bypass auth metadata startup validation checks
Branch: v3.2
https://github.com/mongodb/mongo/commit/032eea30f14b37f7c39a5cb989e49978e556f6a3

Comment by Githook User [ 04/Aug/16 ]

Author:

{u'name': u'Hai-Kinh Hoang', u'email': u'haikinh.hoang@mongodb.com'}

Message: SERVER-21378 add setParameter startupAuthSchemaValidation used to bypass auth metadata startup validation checks
Branch: master
https://github.com/mongodb/mongo/commit/931a227eedca19bc05fc6318996ffd3c6a2c6f4b

Generated at Thu Feb 08 03:57:11 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.