• Type: Bug
    • Resolution: Duplicate
    • Priority: Major - P3
    • Affects Version/s: 3.2.5
    • Component/s: Security
    • Fully Compatible
    • ALL
    • Security 13 (04/22/16)

      There seems to be a small bug inside the configuration security checks. It seems like it is checking for the security.authorization parameter. However, this parameter isn't available in mongos.

      Should this check take into consideration the keyFile or any other internal authentication parameters which can also enable authorization?

      /usr/bin/mongos --keyFile /tmp/mongodb-mms-automation.lock --configdb 127.0.0.1
      2016-04-19T15:11:51.224+0100 W SHARDING [main] Running a sharded cluster with fewer than 3 config servers should only be done for testing purposes and is not recommended for production.
      2016-04-19T15:11:51.229+0100 I CONTROL  [main] 
      2016-04-19T15:11:51.229+0100 I CONTROL  [main] ** WARNING: Insecure configuration, access control is not enabled and no --bind_ip has been specified.
      2016-04-19T15:11:51.229+0100 I CONTROL  [main] **          Read and write access to data and configuration is unrestricted, 
      2016-04-19T15:11:51.229+0100 I CONTROL  [main] **          and the server listens on all available network interfaces.
      2016-04-19T15:11:51.230+0100 I CONTROL  [main] 
      2016-04-19T15:11:51.230+0100 I ACCESS   [main] permissions on /tmp/mongodb-mms-automation.lock are too open
      

            Assignee: Unassigned
            Reporter: Ricardo Lorenzo (ricardo.lorenzo)
            Votes: 0
            Watchers: 5
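
The difference between the check the ticket describes and the one it asks for, as an added example that is not part of the ticket and is not MongoDB's server code. The function names are hypothetical, and the example assumes, as the reporter suggests, that a keyFile counts as enabling access control.

```python
import shlex

# Flags that take a value, so the parser can skip their arguments.
VALUE_FLAGS = {"--keyFile", "--bind_ip", "--configdb", "--port"}


def parse_flags(cmdline):
    """Return {flag: value or True} for a mongod/mongos command line."""
    args = shlex.split(cmdline)[1:]          # drop the binary path
    flags, i = {}, 0
    while i < len(args):
        arg = args[i]
        if arg.startswith("--") and "=" in arg:
            name, value = arg.split("=", 1)  # --flag=value form
            flags[name] = value
        elif arg in VALUE_FLAGS and i + 1 < len(args):
            flags[arg] = args[i + 1]         # --flag value form
            i += 1
        elif arg.startswith("--"):
            flags[arg] = True                # boolean switch such as --auth
        i += 1
    return flags


def warns_authorization_only(cmdline):
    """Check as the ticket describes it: only the authorization setting counts."""
    flags = parse_flags(cmdline)
    return "--auth" not in flags and "--bind_ip" not in flags


def warns_with_keyfile(cmdline):
    """Check the ticket asks for: a keyFile also counts as access control (assumption)."""
    flags = parse_flags(cmdline)
    access_control = "--auth" in flags or "--keyFile" in flags
    return not access_control and "--bind_ip" not in flags


# Command line taken from the ticket; the other two are constructed samples.
TICKET_CMD = "/usr/bin/mongos --keyFile /tmp/mongodb-mms-automation.lock --configdb 127.0.0.1"
OPEN_CMD = "/usr/bin/mongos --configdb 127.0.0.1"
BOUND_CMD = "/usr/bin/mongos --configdb 127.0.0.1 --bind_ip=127.0.0.1"

if __name__ == "__main__":
    # Columns: authorization-only result, keyFile-aware result, command line.
    for cmd in (TICKET_CMD, OPEN_CMD, BOUND_CMD):
        print(warns_authorization_only(cmd), warns_with_keyfile(cmd), cmd)
```

For the ticket's command line the authorization-only check fires the warning while the keyFile-aware check does not; both still warn for a mongos started with neither a keyFile nor `--bind_ip`.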
