[SERVER-7902] mongo shell should read /etc/mongorc.js at startup before $HOME/.mongorc.js
Created: 11/Dec/12  Updated: 16/Nov/21  Resolved: 07/May/13

Status: Closed
Project: Core Server
Component/s: Admin, Security, Shell
Affects Version/s: 2.2.0
Fix Version/s: 2.5.0

Type: Improvement Priority: Major - P3
Reporter: Simon Harvey Assignee: Andreas Nilsson
Resolution: Done Votes: 1
Labels: neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment: RHEL 6



 Description   

Our security requirements stipulate that banner text should be displayed at all points of access to critical systems to advise that unauthorised access is not allowed. This should be supported by the mongo shell which should allow a MongoDB administrator to specify a text file which will be shown as banner text every time someone uses the mongo shell - e.g. via a /etc/mongo file in a similar way to the /etc/motd file.



 Comments   
Comment by auto [ 07/May/13 ]

Author: Tad Marshall <tad@10gen.com>, 2013-05-07T10:12:38Z

Message: SERVER-7902 Visual Studio – add library to SpiderMonkey build
Branch: master
https://github.com/mongodb/mongo/commit/cee7ec3cbfbc26b7a765f43d74d51e2a5b7630fa

Comment by auto [ 06/May/13 ]

Author: agralius <andreas.nilsson@10gen.com>, 2013-04-30T16:04:06Z

Message: SERVER-7902 added support for global /etc/mongorc.js

The corresponding Windows path is
<ProgramData>\MongoDB\mongorc.js
Branch: master
https://github.com/mongodb/mongo/commit/f2bf885d383cab8d4c035abb3a6b5c7ce759c563

Comment by Johan Hedin [ 01/May/13 ]

I'll vote for this one as well, it's a usable feature.

@Eric's suggestion above sounds good to me. But let the name of the file that mongo should look for in /etc be mongorc.js (without the leading dot). Hidden files in /etc are confusing.

Comment by Simon Harvey [ 18/Apr/13 ]

Eric - from my perspective I don't care about Windows.

Comment by Eric Milkie [ 18/Apr/13 ]

We can make the shell always execute a file named "/etc/mongorc.js" if it exists.
This will happen before running .mongorc.js in the user's home directory.
--norc command line parameter will only skip running .mongorc.js in the home directory and will have no effect on running the file in /etc.
Is it acceptable to not have a similar option for Windows?
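
A file at /etc/mongorc.js is executed for every user who starts the shell and, per the comment above, is not skipped by --norc, so its ownership and mode are worth checking. The following audit function is an added example, not part of this ticket or of MongoDB's code; the name audit_global_rc is hypothetical and it assumes GNU coreutils stat (as on RHEL).

```bash
#!/usr/bin/env bash
# Added example: audit the global mongo shell rc file discussed in this ticket.
# Assumptions: GNU stat is available; audit_global_rc is a hypothetical helper.

# Usage: audit_global_rc [FILE] [EXPECTED_OWNER_UID]
# Prints one line per finding. Returns 0 if clean, 1 otherwise.
audit_global_rc() {
    local file="${1:-/etc/mongorc.js}" want_uid="${2:-0}"
    local findings=0 uid mode

    # A symlink moves the trust decision to wherever it points.
    if [ -L "$file" ]; then
        echo "FAIL: $file is a symlink; audit the target instead"
        return 1
    fi
    if [ ! -f "$file" ]; then
        echo "FAIL: $file is missing; no global banner will run"
        return 1
    fi

    uid=$(stat -c '%u' "$file")
    mode=$(stat -c '%a' "$file")   # octal digits, e.g. 644

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $file owned by uid $uid, expected $want_uid"
        findings=1
    fi
    # Anyone who can write this file gets JavaScript run in every user's shell.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $file mode $mode is group- or world-writable"
        findings=1
    fi
    # Without the world-read bit, users outside owner/group cannot load it.
    if [ $(( 0$mode & 004 )) -eq 0 ]; then
        echo "FAIL: $file mode $mode is not world-readable"
        findings=1
    fi

    [ "$findings" -eq 0 ] && echo "OK: $file uid=$uid mode=$mode"
    return "$findings"
}
```

On a server, call `audit_global_rc` with no arguments to check /etc/mongorc.js against root ownership.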

Comment by Simon Harvey [ 18/Apr/13 ]

The first option sounds fine, i.e. the mongo shell always running a file in /etc if it exists; we could put the banner text there and it would be protected and in one place on the server. It should not be possible for the user to avoid getting this banner if they connect via the mongo shell, although I appreciate there are numerous other ways they could connect to MongoDB and avoid it.

Comment by Matt Kalan [ 04/Apr/13 ]

Simon, do you think it would be fine to make the shell look for a .mongorc.js in /etc/ and execute it automatically? Or would it work to symlink .mongorc.js in everyone's home directory to a common protected file somewhere?

Comment by Simon Harvey [ 02/Apr/13 ]

Eric,

I understand there would be ways of circumventing this, but all we are looking for is to have the mongo shell output the contents of a file such as /etc/mongo_banner (if it exists) when the shell command is invoked.

Regards,

Simon.

Comment by Eric Milkie [ 02/Apr/13 ]

The mongo shell connects just like every other client driver; we can't send it a message to display from the server without major work. Also, you could just write your own mongo shell using the C++ driver and it wouldn't display the message, so the message would still not be unavoidable.

Comment by Matt Kalan [ 02/Apr/13 ]

Yeah, it needs to be definite that it always appears so a user can't avoid it. It sounds like it would be best to configure text on the server that is sent to a Mongo shell client on connection.

Comment by Eric Milkie [ 02/Apr/13 ]

Can using a .mongorc file satisfy this requirement? You can print the message using JavaScript in that file. You can still avoid running the file with a command-line parameter to the shell, however.
