[SERVER-44008] Create User commands are not added to mongo shell history Created: 15/Oct/19  Updated: 27/Oct/23  Resolved: 16/Oct/19

Status: Closed
Project: Core Server
Component/s: Shell
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Oleg Pudeyev (Inactive) Assignee: Unassigned
Resolution: Works as Designed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-3788 version of auth() that prompts for pa... Closed
is related to SERVER-46629 Write all shell commands to history Closed
Operating System: ALL
Participants:

 Description   

I just compiled 4.2 server and when I run commands against it from the 4.2 shell, which fail, the failing commands are not added to the history buffer.

Session log:

speed% /usr/local/m/versions/4.2/mongo  --ssl --sslCAFile  /home/w/apps/ruby-driver/spec/support/certificates/ca.crt --sslPEMKeyFile /home/w/apps/ruby-driver/spec/support/certificates/client-x509.pem 
2019-10-14T23:28:29.195-0400 W  CONTROL  [main] Option: ssl is deprecated. Please use tls instead.
2019-10-14T23:28:29.195-0400 W  CONTROL  [main] Option: sslPEMKeyFile is deprecated. Please use tlsCertificateKeyFile instead.
2019-10-14T23:28:29.195-0400 W  CONTROL  [main] Option: sslCAFile is deprecated. Please use tlsCAFile instead.
MongoDB shell version v4.2.1-rc0-7-g3135b6a
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("f1eb660c-31ea-440a-a74d-b8070d34655e") }
MongoDB server version: 4.2.1-rc0-7-g3135b6a
MongoDB Enterprise > db.serverStatus()
{
	"ok" : 0,
	"errmsg" : "not authorized on admin to execute command { serverStatus: 1.0, lsid: { id: UUID(\"f1eb660c-31ea-440a-a74d-b8070d34655e\") }, $db: \"admin\" }",
	"code" : 13,
	"codeName" : "Unauthorized"
}
MongoDB Enterprise > db.createUser()
2019-10-14T23:28:43.907-0400 E  QUERY    [js] uncaught exception: TypeError: userObj is undefined :
DB.prototype.createUser@src/mongo/shell/db.js:1336:9
@(shell):1:1
MongoDB Enterprise > db.createUser()
2019-10-14T23:28:58.226-0400 E  QUERY    [js] uncaught exception: TypeError: userObj is undefined :
DB.prototype.createUser@src/mongo/shell/db.js:1336:9
@(shell):1:1
MongoDB Enterprise > db.createUser({})
2019-10-14T23:29:04.637-0400 E  QUERY    [js] uncaught exception: Error: no 'user' field provided to 'createUser' function :
DB.prototype.createUser@src/mongo/shell/db.js:1338:15
@(shell):1:1
MongoDB Enterprise > db.createUser({user:'foo'})
2019-10-14T23:29:10.962-0400 E  QUERY    [js] uncaught exception: Error: couldn't add user: not authorized on test to execute command { createUser: "foo", writeConcern: { w: "majority", wtimeout: 600000.0 }, lsid: { id: UUID("f1eb660c-31ea-440a-a74d-b8070d34655e") }, $db: "test" } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1370:11
@(shell):1:1
MongoDB Enterprise > db.serverStatus()

Despite me issuing a number of commands, the next available command in the history is serverStatus.



 Comments   
Comment by Kevin Pulo [ 22/Oct/19 ]

See also https://jira.mongodb.org/browse/SERVER-3788?focusedCommentId=1982042&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-1982042

Comment by Eric Milkie [ 16/Oct/19 ]

The blame for the line I linked shows that this was originally added in 2013, over 6 years ago. Even if well known security guidance was followed back then, security in general has greatly changed in the years since. Today, the highest security setups will not use passwords in the shell at all and instead will use an external authentication scheme.
It sounds like you could file a new SERVER ticket against the shell requesting the removal of history munging for all of the cases where we hide it today, for consideration.

Comment by Oleg Pudeyev (Inactive) [ 16/Oct/19 ]

When I connect to a server with the mongo shell using a URI, the plain text password is stored in my shell history. It is also available through the environment variables to all other processes on the same machine.

All applications connecting to MongoDB specify their passwords in plain text in the configuration files, or in the environment variables. This includes development, staging and production environments.

Therefore, while I agree that there is a theoretical security benefit in omitting createUser commands from history, I would argue that in practice the passwords that are not written to mongo shell's history file are written to other files anyway, thus the security benefit is not practically realized.

Is there well known security guidance that was followed when it was decided to completely omit createUser commands from history? As it is, there is a definite usability deficiency when a user uses this command, and it is not clear to me that the security benefit is meaningful.

Comment by Danny Hatcher (Inactive) [ 16/Oct/19 ]

Closing as Works as Designed

Comment by Eric Milkie [ 15/Oct/19 ]

It's not failing commands; it's the createUser() helper explicitly. Here's the code:
https://github.com/mongodb/mongo/blob/efde009845f32d8de2d094088628e67608bfa419/src/mongo/shell/dbshell.cpp#L249

Generated at Thu Feb 08 05:04:43 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.