[SERVER-44440] Consider disallowing users from writing to special local database collections Created: 05/Nov/19  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Storage
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Dianna Hohensee (Inactive) Assignee: Backlog - Storage Execution Team
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-29826 Prevent user writes to internal repli... Closed
is related to SERVER-38356 Forbid dropping oplog in standalone m... Closed
Assigned Teams:
Storage Execution
Participants:

 Description   

Some easy to extend mechanism to entirely (no auth loopholes, maybe standalone loophole) prevent user writes to certain collections, if it does not already exist, might be a good thing to have.

Specifically, repl code has expectations that the 'local.replset.minvalid' and 'local.replset.oplogTruncateAfterPoint' collections are not written to by users – e.g., we expect those collections to have a certain number of documents.

We should consider whether backup needs to be allowed write access, or other downstream products. Also whether downstream products perhaps only need access in standalone mode, so we could target repl mode specifically for disallowing the writes and disallowing incorrect config on startup.


Generated at Thu Feb 08 05:05:59 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.