<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 04:28:37 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-31928] MongoDB 3.4.2 does not tighten world-readable permissions on pre-existing .dbshell file</title>
                <link>https://jira.mongodb.org/browse/SERVER-31928</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;After you announced the issue got fixed in &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-25335&quot; title=&quot;0002 umask yields world-readable .dbshell history file&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-25335&quot;&gt;&lt;del&gt;SERVER-25335&lt;/del&gt;&lt;/a&gt; issue (&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-25335&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;https://jira.mongodb.org/browse/SERVER-25335&lt;/a&gt;), I found the world-readable permissions problem to the &lt;b&gt;.dbshell&lt;/b&gt; file still exists in MongoDB 3.4.2, which i have in my network.&lt;/p&gt;

&lt;p&gt;In the issue below, you fixed it on on 3.2 version of MongoDB. Please recheck it.&lt;/p&gt;

&lt;p&gt;Bar&lt;/p&gt;</description>
                <environment></environment>
        <key id="457686">SERVER-31928</key>
            <summary>MongoDB 3.4.2 does not tighten world-readable permissions on pre-existing .dbshell file</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13202">Works as Designed</resolution>
                                        <assignee username="ramon.fernandez@mongodb.com">Ramon Fernandez Marina</assignee>
                                    <reporter username="barronen1">Bar Ronen</reporter>
                        <labels>
                    </labels>
                <created>Sun, 12 Nov 2017 21:47:01 +0000</created>
                <updated>Fri, 27 Oct 2023 13:54:05 +0000</updated>
                            <resolved>Wed, 29 Nov 2017 22:50:27 +0000</resolved>
                                    <version>3.4.2</version>
                                                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>7</watches>
                                                                                                                <comments>
                            <comment id="1737969" author="ramon.fernandez" created="Wed, 29 Nov 2017 22:47:13 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=barronen1&quot; class=&quot;user-hover&quot; rel=&quot;barronen1&quot;&gt;barronen1&lt;/a&gt;, I can confirm that, when the &lt;tt&gt;.dbshell&lt;/tt&gt; file already exists, newer versions of MongoDB do not update its permissions &amp;#8211; it&apos;s only when the file doesn&apos;t exist that it&apos;s created with &lt;tt&gt;600&lt;/tt&gt; permissions. The two workarounds mentioned above should help if you need tighter permissions.&lt;/p&gt;

&lt;p&gt;I&apos;ve updated the ticket&apos;s summary to reflect the scenario you encountered (permissions on a pre-existing file not being updated), and resolving the ticket since:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;this is the minimally-intrusive behavior designed in &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-25335&quot; title=&quot;0002 umask yields world-readable .dbshell history file&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-25335&quot;&gt;&lt;del&gt;SERVER-25335&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;there are two simple workarounds for users needing tighter permissions&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Regards,&lt;br/&gt;
Ram&#243;n.&lt;/p&gt;</comment>
                            <comment id="1724038" author="ramon.fernandez" created="Mon, 13 Nov 2017 15:49:50 +0000"  >&lt;p&gt;I misread the version you&apos;re using as &lt;b&gt;3.2.4&lt;/b&gt; &amp;#8211; my apologies.&lt;/p&gt;

&lt;p&gt;I do believe the change in &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-25335&quot; title=&quot;0002 umask yields world-readable .dbshell history file&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-25335&quot;&gt;&lt;del&gt;SERVER-25335&lt;/del&gt;&lt;/a&gt; only sets more restrictive permissions when creating the file, but if the file exists already it will not change permissions to &lt;tt&gt;600&lt;/tt&gt; &amp;#8211; I&apos;ll check, but if that&apos;s the case then this is expected behavior.&lt;/p&gt;

&lt;p&gt;As Eric points out, you can delete the file; alternatively, you can &lt;tt&gt;chmod 600 ~/.dbshell&lt;/tt&gt; if you need more restrictive permissions for this file.&lt;/p&gt;</comment>
                            <comment id="1723950" author="milkie" created="Mon, 13 Nov 2017 14:25:06 +0000"  >&lt;p&gt;You could also delete the .dbshell file and it will be recreated the next time you launch the shell, with the new restricted permissions.  (You would lose all your command line history if you did that.)&lt;/p&gt;</comment>
                            <comment id="1723942" author="barronen1" created="Mon, 13 Nov 2017 14:19:13 +0000"  >&lt;p&gt;I understand,&lt;br/&gt;
so if I had MongoDB version earlier than 3.2.14 (before the fix), and then upgraded to 3.4.2, Maybe the &lt;b&gt;.dbshell&lt;/b&gt; file permissions stayed the same because of the upgrade, and only re-installing the system will apply the fix?&lt;/p&gt;</comment>
                            <comment id="1723655" author="ramon.fernandez" created="Sun, 12 Nov 2017 22:50:28 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=barronen1&quot; class=&quot;user-hover&quot; rel=&quot;barronen1&quot;&gt;barronen1&lt;/a&gt;,  &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-25335&quot; title=&quot;0002 umask yields world-readable .dbshell history file&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-25335&quot;&gt;&lt;del&gt;SERVER-25335&lt;/del&gt;&lt;/a&gt; got fixed in 3.2.14 &amp;#8211; if you&apos;re using 3.2.4 the behavior you describe is expected, and you need to upgrade to 3.2.14.&lt;/p&gt;

&lt;p&gt;If you&apos;ll be upgrading, I&apos;d recommend you move to MongoDB 3.4, which also includes a fix for this issue and will allow you to more easily upgrade to MongoDB 3.6 in the future.&lt;/p&gt;

&lt;p&gt;Regards,&lt;br/&gt;
Ram&#243;n.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Sun, 12 Nov 2017 22:50:28 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        6 years, 11 weeks ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            6 years, 11 weeks ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>barronen1</customfieldvalue>
            <customfieldvalue>milkie@mongodb.com</customfieldvalue>
            <customfieldvalue>ramon.fernandez@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|htjtl3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|htbjrr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|htjfov:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>