[SERVER-29103] Add option to disable writing shell history to .dbshell Created: 08/May/17  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Security, Shell
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor - P4
Reporter: Stennie Steneker (Inactive) Assignee: Backlog - Server Tooling and Methods (STM) (Inactive)
Resolution: Unresolved Votes: 1
Labels: move-sa, move-stm, platforms-re-triaged
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Assigned Teams:
Server Tooling & Methods
Participants:

 Description   

It would be desirable to have an explicit option to disable writing mongo shell history to a .dbshell file in the user's home directory. Although this history does not include sensitive information related to authentication, there may be personally identifiable data included in commands or queries.

Possible use cases:

  • as a command line parameter for mongo (eg. --nohistory) when connecting to remote servers with sensitive data
  • as a variable that can be set in the user or global mongorc.js so it takes effect in every session

A current workaround is to make the .dbshell history file read-only. The mongo shell will continue without error if the .dbshell file cannot be read or written (as per SERVER-26871).

For example, on a Unix-like system:

   # Ensure an empty history file
   echo "" > ~/.dbshell
 
   # Remove rwx access to the history file
   chmod 0 ~/.dbshell



 Comments   
Comment by Steven Vannelli [ 10/May/22 ]

Moving this ticket to the Backlog and removing the "Backlog" fixVersion as per our latest policy for using fixVersions.

Comment by Asya Kamsky [ 08/May/17 ]

Might also be possible to resolve this via SERVER-8417 where setting history length to 0 would mean "no history".

Generated at Thu Feb 08 04:19:54 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.