Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-12960

Investigate changes in SERVER-41633: Ability to assign audit file permissions based on mongod's user group (not user)

XMLWordPrintableJSON

      Description

      Downstream Change Summary

      This introduces a new setting `processUmask`, the value provided must be in octal format. The bottom six bits will be honored (group/other), while the top three bits will be inherited from the system umask.

      This new setting is incompatible with `honorSystemUmask=true` for hopefully obvious reasons.

      Description of Linked Ticket

      Current audit configuration: 

      auditLog: 
          destination: file 
          format: JSON 
          path: /data/mongodb/audit/mongo_audit.log 

      Files are rotated using SIGUSR1 to the mongod's PID. 

      When using the audit feature, we want the audit file to have r/w permissions for the mongod group and not only the mongod user itself.

      Nowadays we are using the flag  honorSystemUmask:true , but we want to eliminate it for not all the users on the machine will have access to it

      Scope of changes

      Impact to Other Docs

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)

            Assignee:
            kanchana.sekhar@mongodb.com Kanchana Sekhar
            Reporter:
            backlog-server-pm Backlog - Core Eng Program Management Team
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:
              3 years, 44 weeks ago