[SERVER-3048] shutdown command should require admin username/password when auth is on Created: 05/May/11  Updated: 30/Mar/12  Resolved: 14/Dec/11

Status: Closed
Project: Core Server
Component/s: Admin
Affects Version/s: 1.8.1
Fix Version/s: None

Type: Bug Priority: Minor - P4
Reporter: Robert Stam Assignee: Brandon Diamond
Resolution: Duplicate Votes: 5
Labels: cloud
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Participants:

 Description   

To reproduce run mongod with --auth and open a fresh copy of the mongo shell and then:

> use admin
switched to db admin
> db.admin.find()
error: {
"$err" : "unauthorized db:admin lock type:-1 client:127.0.0.1",
"code" : 10057
}
> db.admin.runCommand("shutdown")
Thu May 05 11:57:01 DBClientCursor::init call() failed
Thu May 05 11:57:01 query failed : admin.$cmd

{ shutdown: "admin" }

to: 127.0.0.1
Thu May 05 11:57:01 Error: error doing query: failed shell/collection.js:150
Thu May 05 11:57:01 trying reconnect to 127.0.0.1
Thu May 05 11:57:02 reconnect 127.0.0.1 failed couldn't connect to server 127.0.0.1
>

The shutdown command should have failed with the same error as the find.



 Comments   
Comment by Eliot Horowitz (Inactive) [ 01/Dec/11 ]

This is a dupe of SERVER-3773
We should just make sure there is a test.

Generated at Thu Feb 08 03:01:55 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.