  1. Core Server
  2. SERVER-16425

Remove action type for emptycapped command

    • Type: Task
    • Resolution: Unresolved
    • Priority: Major - P3
    • None
    • Affects Version/s: 2.6.4
    • Component/s: Security
    • Server Security

      mongo started as a non-root user with the C/R mechanism enabled.

      mongod -f /opt/users/mongodbx/configs/f0ata.conf --setParameter enableTestCommands=1
      
      $ cat /opt/users/mongodbx/configs/f0ata.conf  (snippet below)
      net:
           bindIp: 1:2:3:4
           port: 29000
           ssl:
              mode:       requireSSL                    
              PEMKeyFile: /opt/users/mongodbx/ssl/mongodb.pem 
              CAFile:     /opt/users/mongodbx/ssl/ca.pem
              weakCertificateValidation: true           
              clusterFile: /opt/users/mongodbx/ssl/mongodb.pem
      security:
             authorization: enabled                    
             clusterAuthMode: x509 
      

      User mongodbx connects using the shell without providing a user name and password, i.e. not authenticated.

      mongo --host az2-labs-esx2-app3:29000 --ssl admin
      MongoDB shell version: 2.6.4
      connecting to: az2-labs-esx2-app3:29000/admin
      rs_fata:PRIMARY> use anytoany
      switched to db anytoany
      rs_fata:PRIMARY> show collections
      2014-12-02T14:19:02.317-0700 error: {
              "$err" : "not authorized for query on anytoany.system.namespaces",                
              "code" : 13                                  
      } at src/mongo/shell/query.js:131                             <= as expected.
      rs_fata:PRIMARY> db.runCommand( { emptycapped: "event"} ) 
      { "ok" : 1 }  <= Notice not authenticated !!                                                               
      rs_fata:PRIMARY> show collections
      2014-12-02T14:19:50.035-0700 error: {
              "$err" : "not authorized for query on anytoany.system.namespaces",
              "code" : 13
      } at src/mongo/shell/query.js:131  <= expected though.
      
      rs_fata:PRIMARY> use admin
      switched to db admin
      rs_fata:PRIMARY> db.auth("mongodba","********")
      1
      rs_fata:PRIMARY> use anytotany
      switched to db anytotany
      rs_fata:PRIMARY> db.event.count()
      0                      <= works as expected since user is authenticated.
      

      Is this a bug or expected behaviour?

            Assignee: backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter: Dharmaraj Narayan
            Votes: 0
            Watchers: 9
