[SERVER-5579] allow non-admin users to view db.currentOp() Created: 11/Apr/12  Updated: 19/May/14  Resolved: 12/Apr/12

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.0.4
Fix Version/s: None

Type: Improvement Priority: Minor - P4
Reporter: Ben Becker Assignee: Unassigned
Resolution: Won't Fix Votes: 0
Labels: authentication, currentOp, inprog
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

From SERVER-2610, it may be desirable to allow non-admin users to view in-progress operations. One use case might involve shared hosting.

We could filter out unauthenticated databases in inProgCmd(). Might also want to audit existing operations to ensure we exclude all sensitive ops (e.g. query/update system.users), especially for read-only users.
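The per-database filtering proposed above, as an added example (not MongoDB server code and not part of this ticket). `splitNs`, `filterInProg`, `visibleOpIds` and the sample operations are hypothetical and constructed; only the `opid`, `op`, `ns` and `secs_running` field names follow what `db.currentOp()` reports in its `inprog` array.

```javascript
// Added example: hypothetical helpers, not MongoDB's inProgCmd() code.

// Split "db.collection" at the first dot (database names cannot contain dots).
function splitNs(ns) {
  if (typeof ns !== "string" || ns.length === 0) return null;
  const dot = ns.indexOf(".");
  if (dot === -1) return { db: ns, coll: "" };
  return { db: ns.slice(0, dot), coll: ns.slice(dot + 1) };
}

// Keep only operations the caller may see:
//  - the namespace must name a database the caller is authenticated to
//    (exact match, so "tenantA" does not expose "tenantA2"),
//  - operations on system.users are always hidden,
//  - operations with no namespace are hidden (fail closed).
function filterInProg(inprog, authedDbs) {
  const allowed = new Set(authedDbs);
  return inprog.filter((op) => {
    const parts = splitNs(op.ns);
    if (parts === null) return false;
    if (!allowed.has(parts.db)) return false;
    if (parts.coll === "system.users") return false;
    return true;
  });
}

// Constructed sample of an inprog array (values are illustrative).
const sampleInProg = [
  { opid: 101, op: "query", ns: "tenantA.orders", secs_running: 42 },
  { opid: 102, op: "update", ns: "tenantB.orders", secs_running: 3 },
  { opid: 103, op: "query", ns: "tenantA.system.users", secs_running: 0 },
  { opid: 104, op: "query", ns: "", secs_running: 1 },
  { opid: 105, op: "getmore", ns: "tenantA2.logs", secs_running: 7 },
];

// opids visible to a caller authenticated to the given databases.
function visibleOpIds(authedDbs) {
  return filterInProg(sampleInProg, authedDbs).map((op) => op.opid);
}

console.log(visibleOpIds(["tenantA"]));
```
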



 Comments   
Comment by Joe Davis [ 20/Sep/12 ]

We have transaction quota rules which automatically kill long running transactions, along with allowing users to kill their own long running/unresponsive queries.

This means we can only run mongodb as an admin user currently, since db.currentOp() is our only way of finding the opId for our current statement.

MySQL has the capability of only showing in progress commands for the db the user is authenticated for (e.g. the current database), so we can kill statements there without being admin.

Comment by auto [ 08/Jun/12 ]

Author: Sam Kleinman (tychoish) <samk@10gen.com>

Message: SERVER-5579 SERVER-2610 - Clarification to db.CurrentOp()
Branch: master
https://github.com/mongodb/docs/commit/db057c92ea098bcea468a32384ccbfab07724e81

Generated at Thu Feb 08 03:09:19 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.