Uploaded image for project: 'Percona Server for MongoDB'
  1. Percona Server for MongoDB
  2. PSMDB-234

provide an error when encryption keyfile can be read by anybody

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.6.10-3.0, 4.0.5-2
    • Component/s: None
    • Labels:
      None

      Description

      It would be good to disable usage of the keyfile for encryption if the permissions on the file are not good (for example if anybody on the system can access the file).

      Currently I can start mongod with encryption using this file:

      -rw-rw-r-- 1 plavi plavi   45 ruj   5 09:26 ekf
      

      It would be better to reject it.
      If we won't implement this then at least this should be mentioned in the docs since users could use something that is not appropriate.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              igor.solodovnikov Igor Solodovnikov
              Reporter:
              tomislav.plavcic@percona.com Tomislav Plavcic
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 5 hours, 56 minutes
                  5h 56m

                    Smart Checklist