7

I'm trying to restart (it is running) MongoDB on Ubuntu 14.04 but keep getting failures with this line in the log error getting file /srv/mongodb/keyfile: Permission denied

Here's directory structure

drwxr-xr-x  3 root    root     4096 Jan 31 05:54 srv/
drw-------  2 mongodb mongodb  4096 Jan 31 07:07 mongodb/
-rw-------  1 mongodb mongodb  876  Jan 31 07:07 keyfile

The user running mongod is "mongodb", group "mongodb" so it should be available for reading.

If I change permissions on mongodb/ and keyfile to -rw-r--r-- it becomes readable, but mongo claims it's too permissive of course

Going cookoo with this thing already. Any suggestion what's wrong here?

Improve this question

5 Answers 5

Reset to default
16

I've had the same problem before, and the solution I found and was not documented had to do with the context. If you are in Linux try:

ls -lahZ

That will display in list, all files, sizes in human readable and Z for contexts, I noticed that the keyFile must have "system_u:object_r:mongod_var_lib_t:s0" context, so it gets fixed with:

chcon system_u:object_r:mongod_var_lib_t:s0 mongodb-keyfile

Hope that helps!!

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

This was it! Can you please explain what the chcon cmd is adding to the keyfile permissions?
It's a SELinux issue, the context determines which files or folders have which permissions according to type, additional to the user and group permissions, more info here: access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/…
The keyfile was scp from primary host, and it had -r--------. mongod mongod unconfined_u:object_r:user_home_t:s0 keyfile. I used the chcon method you suggested and solved the issue.
The first step i must set mongodb-keyfile is own of mongod.
I tried to SCP all files under dbpath from replica set primary in order to recover a stale secondary. I had to run chcon -R system_u:object_r:mongod_var_lib_t:s0 /var/lib/mongo and also chown -R mongod:mongod /var/lib/mongo to get the green light on service mongod start
|
8

I got the mongod service working by changing the owner of the key file to mongod

sudo chown mongod:mongod mongodb.key

the mongod process owner is mongod which tries to access the file

Improve this answer

2 Comments

As you can see, the original post already had the right owner and permissions, that's why the top answer was not working for you, it asumed those were already in place.
For me it was sudo chown mongod /etc/ssl/mongo.pem because mongodb automatically creates a new user mongod to run the server
4

In addition to read and write permission for a directory, usually you must have an execute permission as well (more info at http://en.wikipedia.org/wiki/File_system_permissions#Permissions). So, you have to set the following permissions:

chmod 700 /srv/mongodb/
chmod 600 /srv/mongodb/keyfile
Improve this answer

1 Comment

Mongo key file does not require for you to have execution permissions it's only the context that is wrong in this specific case.
2

Since none of the answers here solved my problem, and I had the same problem exactly, I'll try to post what worked for me.

My solution:

  1. Stop Mongo
  2. Edit mongod.conf and temproraily comment out the attribute keyFile: /path/to/key
  3. Start Mongo
  4. sudo chown mongod </path/to/key>
  5. sudo chmod 400 </path/to/key>
  6. Remove comment from KeyFile attribute in mongod.conf
  7. Restart Mongo

Hope this helps

Improve this answer

1 Comment

As you can see, the original post already had the right owner and permissions, that's why the top answer was not working for you, it asumed those were already in place.
2

As I wrote in this post, the comment was right, mongo needs permissions not only in the keyfile, but in the directory:

I have just moved my keyfile from my home user /home/user/keyfile to a directory where mongodb is owner: /var/lib/mongodb/keyfile. Also remember keyfile must have 400 permissions and be owner and group of mongodb: chmod 400 keyfile chwon mongodb:mongodb keyfile

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.