[SERVER-5261] Include authentication information in currentOp results Created: 09/Mar/12  Updated: 08/Jan/24  Resolved: 14/Sep/18

Status: Closed
Project: Core Server
Component/s: Admin, Security
Affects Version/s: 2.0.3
Fix Version/s: 4.1.4

Type: Improvement Priority: Major - P3
Reporter: Jared D. Cottrell Assignee: Jonathan Reams
Resolution: Done Votes: 11
Labels: platforms_security, pm-620
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Documented
is documented by DOCS-12089 Docs for SERVER-5261: Include authent... Closed
Duplicate
is duplicated by SERVER-35384 db.currentOp() doesn't show which use... Closed
is duplicated by SERVER-9814 Provide a command to list which users... Closed
is duplicated by SERVER-8935 Provide a mechanism for mongos to tel... Closed
Problem/Incident
causes SERVER-37195 mongos compile with dynamic linking f... Closed
Related
related to SERVER-7396 Make connPoolStats list which connect... Closed
is related to SERVER-26705 Need a command that lists all connect... Backlog
is related to SERVER-7538 When using profiling on a sharded sys... Backlog
is related to SERVER-34634 db.currentOp( { "$ownOps": true } ) s... Backlog
is related to SERVER-8935 Provide a mechanism for mongos to tel... Closed
Backwards Compatibility: Fully Compatible
Sprint: Security 2018-09-10, Security 2018-09-24
Participants:
Case:

 Description   

It would be useful to have authentication information for each operation in the results of currentOp. In particular, the database and user.



 Comments   
Comment by Kyle Mertz [ 17/Nov/20 ]

Please backport this fix to 4.0.x since it's still under support.  We have no way of identifying the number of connections by username with 4.0.x.

Comment by Githook User [ 14/Sep/18 ]

Author:

{'name': 'Jonathan Reams', 'email': 'jbreams@mongodb.com', 'username': 'jbreams'}

Message: SERVER-5261 Include authentication information in currentOp output
Branch: master
https://github.com/mongodb/mongo/commit/2ea069aa505c750cad6a7ba6ae6d4ac897f396d1

Comment by Githook User [ 14/Sep/18 ]

Author:

{'name': 'Jonathan Reams', 'email': 'jbreams@mongodb.com', 'username': 'jbreams'}

Message: SERVER-5261 Move audit metadata to community
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/067ae38bc684265fec23f45ecfed2f64c2cc3349

Comment by Francisco Andrade [ 23/Apr/15 ]

I thinks this is a usefull feature when we need to identify if it is an app is running a slow query or an user connecting to the database from the app server. I've seen the $comment tip somewhere else to help on this kind of need, but since currentOp can show the client IP, it would be better to show all other helpfull informations.

Since currentOp is only available for admin users, it would be better for this role to have access to every usefull information regarding the database administration.

If Im missing some function that may help on this specific scenario, please let me know.

Comment by Andreas Nilsson [ 23/Apr/15 ]

andrade no version of MongoDB currently supports this feature. The main reason is that it is somewhat inconsistent with our current security model since it potentially implies retrieving information about other users activities in the system.

Comment by Francisco Andrade [ 23/Apr/15 ]

The latest versions are returning the database and collection in the ns (namespace) field of currentOp.

Im using MongoDB 2.6.4. Does anyone know if newer versions returns the user running the operation?

Generated at Thu Feb 08 03:08:22 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.