[DOCS-9770] Comment on: "manual/tutorial/enforce-keyfile-access-control-in-existing-replica-set.txt" Created: 13/Jan/17 Updated: 03/Nov/17 Resolved: 13/Jan/17 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Antonio Kang | Assignee: | Ravind Kumar (Inactive) |
| Resolution: | Cannot Reproduce | Votes: | 0 |
| Labels: | collector-298ba4e7 | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Amazon Linux AMI release 2015.09 Location: https://docs.mongodb.com/v3.2/tutorial/enforce-keyfile-access-control-in-existing-replica-set/ |
||
| Participants: | |
| Days since reply: | 7 years, 4 weeks, 5 days ago |
| Description |
|
"chmod 400 <path-to-keyfile>" is incorrect. When using 400 permission for the keyfile, the nodes are unable to join as a cluster. I had to use chmod 600 in order for the nodes to join as a cluster. |
| Comments |
| Comment by Ravind Kumar (Inactive) [ 13/Jan/17 ] |
|
Hi Antonio, Setting chmod 400 is correct. Adding write permissions for the owner should not make a difference as far as replication success. I'm cannot reproduce your issue, and this project isn't the best forum for extended debug support. I also confirmed with our security engineers that chmod 400 is the correct file permissions, and chmod 600 is unlikely to have resolved a replication issue. I am pleased that your cluster is working, but I would encourage you to post to the MongoDB Google group to see if our community support engineers can shed some light on what happened. Depending on the outcome of that case, we might have more specific changes to make to the documentation. I appreciate you creating a ticket and letting us know what happened. |