|
Some config options specify the path to a file. Some of these treat an empty value as a relative path, which causes the option value to be the current working directory. This is normally not useful or intentional, and is likely to result in a cryptic error message later when the code attempts to use (what it expects to be) a file. Instead, the empty option value should be detected directly, and a straightforward error message returned.
For example, if the config file inadvertently contains:
...
|
security:
|
keyFile:
|
...
|
Then this can result in the following misleading error message(s):
$ mongod --config test.conf
|
2017-11-10T14:16:12.547+1100 I ACCESS [main] permissions on /home/kev are too open
|
$ mkdir test
|
$ cd test
|
$ chmod 700 .
|
$ mongod --config ~/test.conf
|
2017-11-10T14:16:16.846+1100 I ACCESS [main] error reading file: /home/kev/test
|
These error messages are not particularly useful in figuring out that the problem is that security.keyFile is empty.
The same is true with the command-line options:
$ mongod --keyFile ""
|
2017-11-10T14:17:26.763+1100 I ACCESS [main] permissions on /home/kev are too open
|
$ cd test
|
$ mongod --keyFile ""
|
2017-11-10T14:17:31.047+1100 I ACCESS [main] error reading file: /home/kev/test
|
The problem is that if keyFile has been set, then even if the value is an empty string, it still gets passed to boost::filesystem::absolute:
if (params.count("security.keyFile")) {
|
serverGlobalParams.keyFile =
|
boost::filesystem::absolute(params["security.keyFile"].as<string>()).generic_string();
|
serverGlobalParams.authState = ServerGlobalParams::AuthState::kEnabled;
|
}
|
The value needs to be checked, and the user informed directly that an empty value is invalid, eg:
if (params.count("security.keyFile")) {
|
auto keyFile = params["security.keyFile"].as<string>();
|
if (keyFile.empty()) {
|
return Status(ErrorCodes::BadValue, "--keyFile cannot be empty");
|
}
|
serverGlobalParams.keyFile = boost::filesystem::absolute(keyFile).generic_string();
|
serverGlobalParams.authState = ServerGlobalParams::AuthState::kEnabled;
|
}
|
Other similarly affected config options:
|