-
Type:
New Feature
-
Resolution: Won't Fix
-
Priority:
Major - P3
-
None
-
Affects Version/s: 3.6.7, 4.0.2
-
Component/s: Logging
-
Labels:None
-
Server Security
-
Security 2019-01-14, Security 2019-01-28
-
(copied to CRM)
The mongod process creates log files using the same permissions as the underlying data files in the dbpath.
In some cases, admins or developers are called upon to review issues using the mongod/mongos logs even though they may not have permission to access the data files in the dbpath. The logs and data files all have a mode of either 600 or the mode based on the umask of the underlying process if honorSystemUmask is set. This is a request to allow for different permissions of the logfiles as opposed to the data files.
Although it can be argued that the same permissions are needed since the logs can contain sensitive data, this is certainly not the case when the logs are redatced. In any event, we could allow for the bifurcation of permissions between logs and data as an option, leaving the decision in the customers hands.
- depends on
-
SERVER-38464 Add setParameter for custom FTDC data directory
-
- Closed
-
- related to
-
SERVER-36977 Initial mongod.log is created using umask vs mode 600
-
- Closed
-
- mentioned in
-
Page Loading...