[SERVER-24177] db.printSlaveReplicationInfo requires much higher privileges than necessary Created: 17/May/16  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Security, Shell
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor - P4
Reporter: Andrew Ryder (Inactive) Assignee: Backlog - Replication Team
Resolution: Unresolved Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Assigned Teams:
Replication
Participants:

 Description   

db.printSlaveReplicationInfo bases all output on the information obtained via replSetGetStatus (so this is the only privilege it should need) but requires local.system.* access privileges to actually complete.

RE: https://github.com/mongodb/mongo/blob/r3.2.6/src/mongo/shell/db.js#L1024

It appears a simple flight check verifies if the member it is run against is in a replica-set. It could just issue the replSetGetStatus command instead and determine action on the result rather than attempting to query a "system" namespace.


Generated at Thu Feb 08 04:05:36 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.