[SERVER-38244] Unix Permission required on data folder Created: 26/Nov/18 Updated: 28/Nov/18 Resolved: 26/Nov/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Question | Priority: | Major - P3 |
| Reporter: | Taher Ahmed | Assignee: | Danny Hatcher (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: |
| Description |
|
We are running a security scan on Mongo DB server using the guidelines provided by CIS organization. Following link gives the rules that are recommended by CIS and should be adhered to for considering a Mongo DB installation compliant. http://www.itsecure.hu/library/image/CIS_MongoDB_3.4_Benchmark_v1.0.0.pdf Referring to point number 7.2 Ensure that database file permissions are set correctly (Scored), the permission required on the data directory should be set to 660. When we set the data directory to this permission, the server fails to start with a "Permission denied" error. Could you please provide reference documentation which specifies the minimum required permissions for the mongo user on the data directory for smooth running of MongoDB Server? |
| Comments |
| Comment by Taher Ahmed [ 28/Nov/18 ] |
|
Thank you Daniel. |
| Comment by Danny Hatcher (Inactive) [ 26/Nov/18 ] |
|
Hello Taher, I cannot speak to the document you linked as it was not created by MongoDB. Per our Production Notes, MongoDB requires read and write permissions on the files as well as the ability to run them in the first place. Thus, you should provide at least 700 to the dbpath when it is owned by the user running the mongod process. Thank you, Danny |