  1. Core Server
  2. SERVER-13148

Authentication still holds after user removed


      Ensure there is already a user with userAdminAnyDatabase privilege.
      Run mongod with --auth option
      Open mongo shell
      use admin
      db.auth(<superusername>,<superuserpw>)
      use try
      db.addUser({user:"a",pwd:"a",roles:["userAdmin"]})
      db.auth("a","a")
      db.removeUser("a")
      db.addUser({user:"a",pwd:"b",roles:["read"]})
      Check whether user b is added


      We have a database called "try" and a user with "userAdmin" privilege on that database named "userA".

      First we authenticate userA using
      db.auth("userA","a")
      Then, we remove userA using
      db.removeUser("userA")
      Then, we try to add a user on database "try"
      db.addUser({user:"userB",pwd:"b",roles:["read"]})
      It still works!
      Now we authenticate B
      db.auth("userB","b")
      And see the content of Database
      db.customers.find()
      This shows the documents.

      The problem is, the user authentication seems to be still there even after the user itself has been removed. The removeUser() implementation should call db.runCommand({logout:1}) if the current authenticated user is the user being removed.

      As a note, I tried it in an --auth enabled environment.

            Assignee:
            andreas.nilsson Andreas Nilsson
            Reporter:
            wongsolo yudho ahmad diponegoro
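
The workaround proposed in the report, written as a client-side wrapper (an added example, not part of the original report and not MongoDB's code). `removeUserAndLogout`, `authenticatedUsers` and `makeFakeDb` are hypothetical names; the wrapper assumes a shell-style `db` handle with `getName()`, `removeUser()` and `runCommand()`, and that `connectionStatus` reports the user's database as `userSource` or `db` depending on server version.

```javascript
// Users authenticated on this connection, as reported by connectionStatus.
function authenticatedUsers(db) {
  const status = db.runCommand({ connectionStatus: 1 });
  const users = (status.authInfo && status.authInfo.authenticatedUsers) || [];
  // Assumption: the field naming the user's database differs by server version.
  return users.map(u => ({ user: u.user, db: u.userSource || u.db }));
}

// Remove a user and, if this connection is authenticated as that same user
// on the same database, end the session so the old privileges stop applying.
function removeUserAndLogout(db, username) {
  const dbName = db.getName();
  const wasSelf = authenticatedUsers(db)
    .some(u => u.user === username && u.db === dbName);
  db.removeUser(username);
  if (wasSelf) {
    db.runCommand({ logout: 1 });
  }
  return { removed: username, loggedOut: wasSelf };
}

// Constructed stand-in for a shell `db` handle so the example runs offline.
// It records the calls made and models one authenticated session.
function makeFakeDb(dbName, sessionUser) {
  const calls = [];
  let session = sessionUser ? [{ user: sessionUser, userSource: dbName }] : [];
  return {
    calls,
    getName() { return dbName; },
    removeUser(name) { calls.push("removeUser:" + name); },
    runCommand(cmd) {
      if (cmd.connectionStatus) {
        return { authInfo: { authenticatedUsers: session }, ok: 1 };
      }
      if (cmd.logout) { session = []; calls.push("logout"); return { ok: 1 }; }
      return { ok: 0 };
    },
  };
}

// Constructed scenario from the report: userA removes itself on database "try".
const fake = makeFakeDb("try", "userA");
console.log(removeUserAndLogout(fake, "userA"), authenticatedUsers(fake));
```

This wrapper only ends the session on the connection that calls it; it does nothing for other connections already authenticated as the removed user.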