Uploaded image for project: 'Percona Server for MongoDB'
  1. Percona Server for MongoDB
  2. PSMDB-234

provide an error when encryption keyfile can be read by anybody

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.0.5-2, 3.6.10-3.0
    • Component/s: None
    • Labels:
      None

      Description

      It would be good to disable usage of the keyfile for encryption if the permissions on the file are not good (for example if anybody on the system can access the file).

      Currently I can start mongod with encryption using this file:

      -rw-rw-r-- 1 plavi plavi   45 ruj   5 09:26 ekf
      

      It would be better to reject it.
      If we won't implement this then at least this should be mentioned in the docs since users could use something that is not appropriate.

        Smart Checklist

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  igor.solodovnikov Igor Solodovnikov
                  Reporter:
                  tomislav.plavcic@percona.com Tomislav Plavcic
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Time Tracking

                    Estimated:
                    Original Estimate - Not Specified
                    Not Specified
                    Remaining:
                    Remaining Estimate - 0 minutes
                    0m
                    Logged:
                    Time Spent - 5 hours, 56 minutes
                    5h 56m