[SERVER-4225] Adding first admin user to database via localhost works but returns error message Created: 08/Nov/11 Updated: 11/Jul/16 Resolved: 09/Jul/12 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security, Shell |
| Affects Version/s: | 2.1.2 |
| Fix Version/s: | 2.2.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Spencer Brody (Inactive) | Assignee: | Spencer Brody (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||
| Operating System: | ALL | ||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||
| Description |
|
2.1 make getLastError require auth, which it didn't in 2.0 and earlier. > mkdir tempdb > mongo admin[19:11:52]> db.auth('admin','password') |
| Comments |
| Comment by Spencer Brody (Inactive) [ 09/Jul/12 ] |
|
Fixed for the shell, but may require additional changes in the drivers. |
| Comment by auto [ 03/Jul/12 ] |
|
Author: {u'date': u'2012-07-03T14:57:19-07:00', u'email': u'eliot@10gen.com', u'name': u'Eliot Horowitz'}Message: |
| Comment by Spencer Brody (Inactive) [ 28/Jun/12 ] |
|
Also, I can no longer reproduce this on 2.0.2. I'm starting to think that was a typo and I meant 2.1.x? |
| Comment by Spencer Brody (Inactive) [ 28/Jun/12 ] |
|
This is a problem for more than just the shell. Most drivers call GLE in their addUser method to make sure the user was added successfully. This will make those calls return an exception, even when they succeeded, for adding the first user over localhost. |
| Comment by Spencer Brody (Inactive) [ 28/Jun/12 ] |
|
The problem is that if there's no admin users and you're connected over localhost, you're given full access and can insert into system.users to create the first user. When you try to call getLastError to check if the user was created successfully, however, the command is denied because there is now a user in existence and you're still unauthenticated. |