Mongo security keyfile "permission denied"


Stephen

Sep 29, 2014, 11:33:59 AM
to mongod...@googlegroups.com
I'm adding security to my mongo replica-set by following the user guide: http://docs.mongodb.org/manual/tutorial/deploy-replica-set-with-auth/

For the past 3 hours I've been getting a "Permission denied" error. I've googled this and all people are telling me is to change the permissions, but I'm about to go insane because all permissions are granted to every user, and I've tried moving the file around to different folders. I'm using Windows if that makes a difference.

My mongo log has this: "error opening file: [Path]: Permission denied"



I'm on step six: 

Start each member of the replica set with the appropriate options.

For each member, start a mongod and specify the key file and the name of the replica set. Also specify other parameters as needed for your deployment. For replication-specific parameters, see Replication Options required by your deployment.

If your application connects to more than one replica set, each set should have a distinct name. Some drivers group replica set connections by replica set name.

The following example specifies parameters through the --keyFile and --replSet command-line options:

mongod --keyFile /mysecretdirectory/mongodb-keyfile --replSet "rs0"

The following example specifies parameters through a configuration file:

mongod --config $HOME/.mongodb/config

In production deployments, you can configure a control script to manage this process. Control scripts are beyond the scope of this document.

Thanks for the help,

Stephen


Will Berkeley

Sep 29, 2014, 12:11:26 PM
to mongod...@googlegroups.com
You hid the path so I don't know exactly what can't be accessed / why it is being accessed (the keyfile?), but the problem is just what it's telling you - the permissions aren't set right. MongoDB (by default) runs as the mongodb user. Make sure this user has permissions on that file.

-Will

Stephen Weaver

Sep 29, 2014, 12:59:37 PM
to mongod...@googlegroups.com
Here are the details.

This is how the mongo service is installed:

mongod --config "C:\Program Files\MongoDB 2.6 Standard\mongod.cfg" --replSet rules_engine_rs --install


This is the config file:

Inline image 3


Here are the keyfile security properties.

Inline image 4




Here is the error that I get when I try starting the service:
Inline image 1



Before I added the keyfile, everything was working fine.

Thanks for your help.


Ramon Fernandez

Sep 30, 2014, 10:41:41 AM
to mongod...@googlegroups.com
What happens if you use the --keyFile command line switch instead? What user runs the mongod service?

Stephen Weaver

Sep 30, 2014, 10:55:03 AM
to mongod...@googlegroups.com
I've tried both ways, same result.

Stephen

Sep 30, 2014, 10:56:05 AM
to mongod...@googlegroups.com
I've also tried several different users - all with administrator privileges.

davidmo

Oct 2, 2014, 11:49:11 AM
to mongod...@googlegroups.com
How come some of the slashes are nix and some are Windows? There is an inconsistency here. Maybe it carries through to the path in the config file.

Stephen Weaver

Oct 2, 2014, 3:06:41 PM
to mongod...@googlegroups.com
I re-created the keyFile with openssl and now it works. Why? I don't know, but thanks for the input everyone.


Juan Manuel Diego González

May 21, 2015, 2:43:45 PM
to mongod...@googlegroups.com
Just for the sake of sanity: in Linux you can see the context of a file with "ls -lahZ". There I found that the keyFile must be in the "system_u:object_r:mongod_var_lib_t:s0" context; if it's any other way, it will throw "Permission denied". But that's on Linux; that might give you a hint to know what happened.
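
Added example (not part of the thread and not MongoDB's own tooling): a POSIX shell pre-flight check for the Linux case described in the last post. It checks that the keyfile is readable by the current account, has no group/other permission bits, and holds 6 to 1024 base64 characters; under enforcing SELinux it also compares the file's type with the mongod_var_lib_t value quoted above. The function name check_keyfile is an assumption of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for a MongoDB keyfile on Linux.
# Run as the account that starts mongod: check_keyfile /path/to/keyfile
# check_keyfile is a name made up for this example.

check_keyfile() {
    kf=$1
    rc=0

    if [ ! -f "$kf" ]; then
        echo "FAIL: $kf is not a regular file"
        return 1
    fi
    if [ ! -r "$kf" ]; then
        echo "FAIL: $kf is not readable by $(id -un)"
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # mongod on Unix refuses a keyfile that has any of them set.
    perms=$(ls -ld -- "$kf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: group/other bits set ($perms); run chmod 600"
        rc=1
    fi

    # Key content: 6 to 1024 characters from the base64 set, whitespace ignored.
    key=$(tr -d ' \t\r\n' < "$kf")
    case $key in
        *[!A-Za-z0-9+/=]*) echo "FAIL: non-base64 character in key"; rc=1 ;;
    esac
    if [ "${#key}" -lt 6 ] || [ "${#key}" -gt 1024 ]; then
        echo "FAIL: key length ${#key} is outside 6..1024"
        rc=1
    fi

    # SELinux: DAC permissions can be correct and the open still be denied.
    # mongod_var_lib_t is the type quoted in the thread; policies may differ.
    if command -v getenforce >/dev/null 2>&1 &&
       [ "$(getenforce)" = "Enforcing" ]; then
        ctx=$(stat -c %C -- "$kf")
        case $ctx in
            *:mongod_var_lib_t:*) ;;
            *) echo "WARN: SELinux context is $ctx" ;;
        esac
    fi

    return "$rc"
}
```

The SELinux finding is reported as a warning only, because the expected type depends on the policy installed on the host.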