Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-12960

Investigate changes in SERVER-41633: Ability to assign audit file permissions based on mongod's user group (not user)

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.3.1
    • Component/s: manual
    • Labels:
      None

      Description

      Description

      Downstream Change Summary

      This introduces a new setting `processUmask`, the value provided must be in octal format. The bottom six bits will be honored (group/other), while the top three bits will be inherited from the system umask.

      This new setting is incompatible with `honorSystemUmask=true` for hopefully obvious reasons.

      Description of Linked Ticket

      Current audit configuration: 

      auditLog: 
          destination: file 
          format: JSON 
          path: /data/mongodb/audit/mongo_audit.log 

      Files are rotated using SIGUSR1 to the mongod's PID. 

      When using the audit feature, we want the audit file to have r/w permissions for the mongod group and not only the mongod user itself.

      Nowadays we are using the flag  honorSystemUmask:true , but we want to eliminate it for not all the users on the machine will have access to it

      Scope of changes

      Impact to Other Docs

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              kanchana.sekhar Kanchana Sekhar
              Reporter:
              backlog-server-pm Backlog - Core Eng Program Management Team
              Participants:
              Last commenter:
              Kanchana Sekhar Kanchana Sekhar
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since reply:
                1 year, 22 weeks, 2 days ago
                Date of 1st Reply: