[SERVER-4265] Can't write to local database on a secondary if using --auth Created: 11/Nov/11 Updated: 30/Mar/12 Resolved: 23/Nov/11 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Replication |
| Affects Version/s: | 2.0.1 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Chris Westin | Assignee: | Kristina Chodorow (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Participants: | |||||||||
| Description |
|
Without --auth: connecting [with auth] to: localhost:27888/admin ) With --auth: connecting [with auth] to: localhost:27888/flomeromity ) |
| Comments |
| Comment by Eliot Horowitz (Inactive) [ 23/Nov/11 ] | |||||||||||||||||||||
|
With --auth - access to local should definitely be restricted. | |||||||||||||||||||||
| Comment by T. Dampier [ 23/Nov/11 ] | |||||||||||||||||||||
|
Sorry, I think the description was unclear on an important point. I agree that when authenticated as an 'admin' user, this works exactly as Kristina demonstrates. But a NON-admin user – e.g., a user authenticated to the 'flomeromity' database in the example below – is unable to acquire the privilege to work with 'local'. Having said that, I can immediately see the argument for closing this issue as "working as designed" : why should a user of db 'foo' be able to muck with db 'local' any more than he would be able to muck with db 'bar'? If user wants to use 'local', user must be able to auth to 'local' (or, of course, to 'admin').
| |||||||||||||||||||||
| Comment by Kristina Chodorow (Inactive) [ 21/Nov/11 ] | |||||||||||||||||||||
|
Did you log in first? It works for me if I log in:
|