[SERVER-23799] Authorization check Created: 19/Apr/16  Updated: 07/Dec/16  Resolved: 19/Apr/16

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.2.5
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Ricardo Lorenzo Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-23796 Incorrect warning when using mongos w... Closed
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Security 13 (04/22/16)
Participants:

 Description   

There seems to be a small bug inside the configuration security checks. It seems like is checking for the security.authorization parameter. However, this parameter isn't available in mongos.

Should this check take in consideration the keyFile or any other internal authentication parameters which can also enable the authorization?

/usr/bin/mongos --keyFile /tmp/mongodb-mms-automation.lock --configdb 127.0.0.1
2016-04-19T15:11:51.224+0100 W SHARDING [main] Running a sharded cluster with fewer than 3 config servers should only be done for testing purposes and is not recommended for production.
2016-04-19T15:11:51.229+0100 I CONTROL  [main] 
2016-04-19T15:11:51.229+0100 I CONTROL  [main] ** WARNING: Insecure configuration, access control is not enabled and no --bind_ip has been specified.
2016-04-19T15:11:51.229+0100 I CONTROL  [main] **          Read and write access to data and configuration is unrestricted, 
2016-04-19T15:11:51.229+0100 I CONTROL  [main] **          and the server listens on all available network interfaces.
2016-04-19T15:11:51.230+0100 I CONTROL  [main] 
2016-04-19T15:11:51.230+0100 I ACCESS   [main] permissions on /tmp/mongodb-mms-automation.lock are too open


Generated at Thu Feb 08 04:04:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.