<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:45:22 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-17717]  security.authorization: disabled does not work in 3.01</title>
                <link>https://jira.mongodb.org/browse/SERVER-17717</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;Hi,&lt;br/&gt;
I am flagging this as a bug, as the mongod dev user google is full of people having problems with the 3.01 security configuration.  People can&apos;t get into the web console or list databases or list users  because of this bug. My hypothesis is when the disable auth option went away the replacement authorization is faulty.  Here is my configuration file, using this I can connect but can&apos;t access the test db or admin db or create a user..or use webadmin&lt;/p&gt;

&lt;p&gt;storage:&lt;br/&gt;
   dbPath: &quot;c:/data&quot;&lt;br/&gt;
   journal:&lt;br/&gt;
      enabled: true&lt;/p&gt;

&lt;p&gt;systemLog:&lt;br/&gt;
   destination: file&lt;br/&gt;
   path: &quot;C:/mongologs/mongodb.log&quot;&lt;br/&gt;
   logAppend: true&lt;/p&gt;

&lt;p&gt;net:&lt;br/&gt;
   bindIp: 11.1.1.2&lt;br/&gt;
   port: 27017&lt;br/&gt;
   http.enabled: true&lt;br/&gt;
   http.RESTInterfaceEnabled : true&lt;/p&gt;

&lt;p&gt;security:&lt;br/&gt;
   authorization: disabled&lt;/p&gt;

&lt;p&gt;replication:&lt;br/&gt;
   oplogSizeMB: 10240&lt;br/&gt;
   replSetName: &quot;rs1&quot;&lt;/p&gt;</description>
                <environment></environment>
        <key id="191609">SERVER-17717</key>
            <summary> security.authorization: disabled does not work in 3.01</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="andreas.nilsson">Andreas Nilsson</assignee>
                                    <reporter username="heropurpose">Daniel Sidman</reporter>
                        <labels>
                    </labels>
                <created>Tue, 24 Mar 2015 15:46:15 +0000</created>
                <updated>Mon, 30 Mar 2015 19:12:56 +0000</updated>
                            <resolved>Tue, 24 Mar 2015 18:45:52 +0000</resolved>
                                    <version>3.0.1</version>
                                                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="862685" author="andreas.nilsson@10gen.com" created="Tue, 24 Mar 2015 18:45:29 +0000"  >&lt;p&gt;No problem!&lt;/p&gt;</comment>
                            <comment id="862677" author="heropurpose" created="Tue, 24 Mar 2015 18:42:30 +0000"  >&lt;p&gt;I found the problem, the replication setting made it a secondary server....not the master, that is why I could not do mongo operations.&lt;/p&gt;

&lt;p&gt;Please close the ticket.  Thanks for your help!&lt;/p&gt;</comment>
                            <comment id="862664" author="andreas.nilsson@10gen.com" created="Tue, 24 Mar 2015 18:39:48 +0000"  >&lt;p&gt;There was a regression bug introduced in 3.0.1 with regards to the web interface prompting for user name and password when it need not. This has been fixed in the master branch.&lt;/p&gt;

&lt;p&gt;As for the shell I haven&apos;t heard any other complaints. You can bootstrap the auth system either by: &lt;br/&gt;
1. starting mongod without the --auth flag/authorization: enabled in which case all permissions should be open.&lt;br/&gt;
2. starting with access control enabled and use the localhost exception to create your first admin user. Once that user has been created you will need to login with that user to perform subsequent operations.&lt;/p&gt;

&lt;p&gt;If you can&apos;t get it to work, can you provide your configuration file and your mongod/mongo command line arguments and I will have a look at it.&lt;/p&gt;

&lt;p&gt;Regards,&lt;br/&gt;
Andreas&lt;/p&gt;</comment>
                            <comment id="862489" author="heropurpose" created="Tue, 24 Mar 2015 16:56:02 +0000"  >&lt;p&gt;Hi,&lt;br/&gt;
Thanks for you quick response. Much appreciated.&lt;br/&gt;
I am trying this now with a new install of 3.01.  It seems to be a permission issue.&lt;br/&gt;
I thought with &lt;br/&gt;
security:&lt;br/&gt;
  authorization: disabled&lt;/p&gt;

&lt;p&gt; I should be able to connect with the mongo shell and be able to create users, just like using the legacy --noauth option for starting the server. I can connect but have no rights.  I was trying to use the admin page as a work-around but it prompts for a username and password.&lt;/p&gt;

&lt;p&gt;My goal is just to create some users.  This is an install and config issue, but I thought since so many people were having it, there was a bug?&lt;/p&gt;


</comment>
                            <comment id="862402" author="andreas.nilsson@10gen.com" created="Tue, 24 Mar 2015 16:01:37 +0000"  >&lt;p&gt;Thanks for your report &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=heropurpose&quot; class=&quot;user-hover&quot; rel=&quot;heropurpose&quot;&gt;heropurpose&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;I believe the issues you mention above are different. The issue with the web console is addressed in &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-17669&quot; title=&quot;Remove auth prompt in webserver when auth is not enabled&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-17669&quot;&gt;&lt;del&gt;SERVER-17669&lt;/del&gt;&lt;/a&gt; but web console auth is only supported for MONGODB-CR and not the newer SCRAM-SHA-1 protocol. We disencourage use of the web console except for backwards compatibility purposes.&lt;/p&gt;

&lt;p&gt;Can you elaborate on the exact problems you have seen with list databases and list users.&lt;/p&gt;

&lt;p&gt;Thank you,&lt;br/&gt;
Andreas&lt;/p&gt;

</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 24 Mar 2015 16:01:37 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        8 years, 47 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ramon.fernandez@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            8 years, 47 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>andreas.nilsson</customfieldvalue>
            <customfieldvalue>heropurpose</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrla1b:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hs7fav:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="458">Security 1 04/03/15</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10750" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Steps To Reproduce</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;use this config file then try to create a user:&lt;/p&gt;

&lt;p&gt;storage:&lt;br/&gt;
   dbPath: &quot;c:/data&quot;&lt;br/&gt;
   journal:&lt;br/&gt;
      enabled: true&lt;br/&gt;
systemLog:&lt;br/&gt;
   destination: file&lt;br/&gt;
   path: &quot;C:/mongologs/mongodb.log&quot;&lt;br/&gt;
   logAppend: true&lt;br/&gt;
net:&lt;br/&gt;
   bindIp: 11.1.1.2&lt;br/&gt;
   port: 27017&lt;br/&gt;
   http.enabled: true&lt;br/&gt;
   http.RESTInterfaceEnabled : true&lt;br/&gt;
security:&lt;br/&gt;
   authorization: disabled&lt;br/&gt;
replication:&lt;br/&gt;
   oplogSizeMB: 10240&lt;br/&gt;
   replSetName: &quot;rs1&quot;&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hsg65z:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>