Type: New Feature
Priority: Major - P3
Resolution: Won't Fix
Affects Version/s: 2.6.3, 2.7.5
Fix Version/s: None
It should be possible to configure processes like mongod and mongos, which sometimes need to read sensitive files like PEM and key files, to change the user they're running as after reading those files. If it is intended that mongod/mongos be able to run on privileged ports then binding to those ports should also happen before changing user.
The use case would be to allow sensitive files to be owned by root, start these processes as root, but then have them quickly change to running as an unprivileged user (e.g. mongodb) after reading the sensitive files or performing other privileged operations. Of particular interest would be the following files configurable through the command-line: