[SERVER-38244] Unix Permission required on data folder Created: 26/Nov/18  Updated: 28/Nov/18  Resolved: 26/Nov/18

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Question Priority: Major - P3
Reporter: Taher Ahmed Assignee: Danny Hatcher (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

We are running a security scan on Mongo DB server using the guidelines provided by CIS organization. Following link gives the rules that are recommended by CIS and should be adhered to for considering a Mongo DB installation compliant. 

http://www.itsecure.hu/library/image/CIS_MongoDB_3.4_Benchmark_v1.0.0.pdf

Referring to point number 7.2 Ensure that database file permissions are set correctly (Scored), the permission required on the data directory should be set to 660. When we set the data directory to this permission, the server fails to start with a "Permission denied" error.

Could you please provide reference documentation which specifies the minimum required permissions for the mongo user on the data directory for smooth running of MongoDB Server?



 Comments   
Comment by Taher Ahmed [ 28/Nov/18 ]

Thank you Daniel.

Comment by Danny Hatcher (Inactive) [ 26/Nov/18 ]

Hello Taher,

I cannot speak to the document you linked as it was not created by MongoDB. Per our Production Notes, MongoDB requires read and write permissions on the files as well as the ability to run them in the first place. Thus, you should provide at least 700 to the dbpath when it is owned by the user running the mongod process.

Thank you,

Danny

Generated at Thu Feb 08 04:48:23 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.