Syslog entries in Mongodb - mongodb

When using the command
db["my_collectionName"].find()
in the mongo shell, my queries return:
"message" : "Permission denied # rb_sysopen - /var/log/syslog".
How do I go about solving this permission issue?

Make sure you have proper permissions for /data/db folder/directory.

You can try:
sudo chown -R mongodb:mongodb /data/db
Check all paths in mongodb config (/etc/mongod.conf) and assign right permission (dbpath, logpath...)

Related

Unable to determine status of lock file in the data directory

I am trying to run multiple mongod instances on the same centos machine with different config files.
I am getting following error while running the instance as a service:
sudo service mongod1 start
/var/lib/mongo1: boost::filesystem::status: Permission denied: "/var/lib/mongo1/mongod.lock"
I have added the permissions for the /var/lib/mongo1 using:
sudo chmod -R 600 /var/lib/mongo1
I also tried with 700, 755 and 777 at the end but nothing seems to work.
mongod:mongod is the owner of the folder /var/lib/mongo1
Any help is appreciated.
I know this is really late but I was struggling with this for days and just now found the fix. That being said for future users running into this issue the solution if you're using SELinux is to check the context of the default mongodb path against your own to make sure they are the same by executing
ls -dZ /var/lib/mongo/
the output should look something like this
drwxr-xr-x. mongod mongod system_u:object_r:mongod_var_lib_t:s0 /var/lib/mongo/
if it's not then you can copy it by doing
chcon -R --reference=/var/lib/mongo /your/path
the source can be found here
Maybe the lock file is missing? Which might explain why chmod isn't having the desired effect...
Try:
touch /var/mongo1/mongod.lock
chown mongod:mongod
chmod 600 /var/mongo1/mongod.lock
important :
Don't try to restart mongo using sudo as it tries to change the user to root where as /var/lib/mongodb owner is mongod:mongod
Please remember that Directories needs to have execute permission, but the files within the directories do not need to execute permission.
The following 2 commands worked for me
$ sudo chmod -R 770 /var/lib/mongo1
$ sudo find /var/lib/mongo1 -type f -exec chmod 660 {} \;
This will first give everything under /var/lib/mongo1 execute permission, and then return all the normal files to having only read and write, but not execute.

MongoDB config error

Pretext: this has been asked before and i've tried implementing several solutions from previous posters. The only thing i can seem to get working is running mongo as sudo.
I'm not exactly sure what i'm doing wrong. I'm trying to do a tutorial using mongodb and every time i try to run the software i get back an error that its in a read-only directory. I'm on a mac running OS Sierra, i can force run it with sudo but i know thats wrong. I've been searching for an answer for awhile and i have already adjusted the folder permissions to 775 and nothing, then 777, still nothing.
Any help pointing me in the right direction would be greatly appreciated!
to resolve the "warning soft rlimits to low" check out this link - https://gist.github.com/tamitutor/6a1e41eec0ce021a9718
Lets start over as you are bouncing around on what you are trying.
Open activity monitor and kill any mongod process.
Go to your terminal and type which mongo - lets say it shows you download directory
cd to that directory and you should be in the bin directory
cd /mongo download directory/bin
sudo bash
mkdir -p /data/db
chmod 777 /data
chmod 777 /data/db
ls -ld /data/db this will validate you see the data/db directory as 777
exit
You're back in your mongo bin directory - if you are in /usr/local/bin skip this part.
If you are not in /usr/local/bin you will need to copy the mongo files to /usr/local/bin
sudo bash
ls - make sure you are in the correct directory
cp * /usr/local/bin
exit
which mongo should now show /usr/local/bin
type mongod to start it
open a new terminal and type mongo to connect to the instance
I recommend downloading Robo 3T (formally RoboMongo) to quickly check that you can connect.
If you do those steps, you should have no issues connecting to your local Mongo instance.
Your mongod.conf files should be in /usr/local/etc - check there to confirm you have your local host set.
Should be like net:
bindIp:127.0.0.1

issues in changing the dbpath in mongodb

i was having problem in starting up my mogodb server..(in ubuntu 16.04 LTS)
i type in the command "monogod" in the terminal and this is what i get.....
ERROR: dbpath (/data/db) does not exist.
Create this directory or give existing directory in --dbpath.
i understand that this means that the directory /data/db/ does not exist so to resolve it i type in .... mongod --dbpath /data/db/
but once again i get the same error. i've googled the error many times but to no avail
can someone please help.. i am entirely new to this whole thing...
Thank You
"ERROR: dbpath (/data/db) does not exist" means that the directory does not exist.
You need to make the directory.
Try:
mkdir -p /data/db
If you get a "permission denied" error, run:
sudo mkdir -p /data/db
and then type in your administrator/root password.
Read more about creating directories.

FATAL: could not access private key file “/etc/ssl/private/ssl-cert-snakeoil.key”: Permission denied

I believe I ended up mixing up permissions at /etc/ssl directories tree as the last modification was made on 18th November and a day after I could not get my PostgreSQL to work.
When I type in
sudo service postgresql start
I get
FATAL: could not access private key file “/etc/ssl/private/ssl-cert-snakeoil.key”: Permission denied
Checking permissions
~$ sudo -i
~$ ls -la /etc/ssl/private
drw-r----- 2 root ssl-cert 4096 Nov 18 21:10 .
-rwxrwxrwx 1 postgres postgres 1704 Set 4 11:26 ssl-cert-snakeoil.key
Checking group composition
~$ id postgres
uid=114(postgres) gid=127(postgres) groups=127(postgres),114(ssl-cert)
Also I noticed that my ssl-cert-snakeoil.pem file at /etc/ssl/certs/ doesn't have a symlink. I don't know if this makes any difference...
Please, help me sort this out.
Thanks.
Edit: Should it be posted on serverfault instead?
Try adding postgres user to the group ssl-cert
Run the below code to fix your issue:
# > It happened to me and it turned out that I removed erroneously the postgres user from "ssl-cert" group, set it back with
sudo gpasswd -a postgres ssl-cert
# Fixed ownership and mode
sudo chown root:ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key
sudo chmod 740 /etc/ssl/private/ssl-cert-snakeoil.key
# now postgresql starts! (and install command doesn't fail anymore)
sudo /etc/init.d/postgresql start
courtsey to GabLeRoux
Check the output of
$ sudo -u postgres
$ cd /etc/ssl/private
$ ls
If the response is "Permission denied" do
$ chown postgres:ssl-cert /etc/ssl/private/
$ chown postgres:postgres /etc/ssl/private/ssl-cert-snakeoil.key
Only thing that will work if you have changed permissions for /etc/ssl/private
mkdir /etc/ssl/private-copy; mv /etc/ssl/private/* /etc/ssl/private-copy/; rm -r /etc/ssl/private; mv /etc/ssl/private-copy /etc/ssl/private; chmod -R 0700 /etc/ssl/private; chown -R postgres /etc/ssl/private
Copy this whole command (It's a one line code).
If this doesn't work for you, ckeck your postgres user groups by groups postgres and make sure your postgres user have ssl-cert root postgres (Order doesn't matter).
Now lets check your file permissions on ssl/private :
$ ls -la /etc/ssl/
> drwx------ 2 postgres root private
If this is not the output change your permissions with sudo chmod -R 700 /etc/ssl/private and for owners chown -R postgres:root /etc/ssl/private
//Now check permissions on ssl-cert-snakeoil.key,
//which will be inside your **private** directory.
$ ls -la /etc/ssl/private/ssl-cert-snakeoil.key
> -rwx------ 1 postgres root /etc/ssl/private/ssl-cert-snakeoil.key
I was suffering from this issue when attempting to start Postgresql on a remote docker instance. I eventually tracked down the crazy solution here. Basically you have to recreate the directories, chown on it's own doesn't work:
mkdir /etc/ssl/private-copy; mv /etc/ssl/private/* /etc/ssl/private-copy/; rm -r /etc/ssl/private; mv /etc/ssl/private-copy /etc/ssl/private; chmod -R 0700 /etc/ssl/private; chown -R postgres /etc/ssl/private
This error was preventing my PostgreSQL server from running locally.
The following worked for me:
sudo chown postgres:postgres /etc/ssl/private/ssl-cert-snakeoil.key
sudo chmod 600 /etc/ssl/private/ssl-cert-snakeoil.key
Also make sure that /etc/ssl/private has enough permissions.
Some programs can be incredibly pedantic and cost you valuable hours. By running journalctl after sudo systemctl start postgresql I'd see various errors like:
FATAL: could not load private key file "/etc/ssl/private/ssl-cert-snakeoil.key": Permission denied
FATAL: private key file "/etc/ssl/private/ssl-cert-snakeoil.key" must be owned by the database user or root
FATAL: private key file "/etc/ssl/private/ssl-cert-snakeoil.key" has group or world access
DETAIL: File must have permissions u=rw (0600) or less if owned by the database user, or permissions u=rw,g=r (0640) or less if owned by root.
I couldn't make it with work sudo chmod root:root, so I had to settle for sudo chmod postgres:postgres.
EDIT
I haven't tried it, but running deleting and regenerating the snakeoil certificate might work as well:
make-ssl-cert generate-default-snakeoil --force-overwrite
(You may have to run it with sudo, don't know.)
Try setting permissions on the .key file to 600. Postgres doesn't like key files with group or world permissions set. You may also need to change the owner to postgres, though I'm not sure about that.
I am running the postgres server in WSL, and I was facing the error with the ssl-cert file. I managed to make it work by changing the owner of the file to the postgres user I had created, adding the expected user and group IDs to the user as required of the application (111 and 116, respectively, as gleaned from helpful error messages), and voila, I have an active server from within WSL.
sudo useradd postgres
sudo usermod -u 111 -g 116 -a -G ssl-cert postgres
sudo chown postgres /etc/ssl/private/ssl-cert-snakeoil.key
After running the above, there were two more files the user running the server (postgres for me) needed permission to access, both residing in /var/postgresql. I used sudo chown -- twice more to give ownership to postgres. Running sudo service postgresql start will tell you which files you'll need to transfer ownership of through any error messages.
I had other certificates under /etc/ssl/private and hence, changing permissions recursively was out of question.
I tried adding postgres user to ssl-cert group that didn't help either.
I modified the permission of /etc/ssl/private to 716, basically saying that anyone else other than root (user) and ssl-cert (group) can read and execute the directory.
sudo chmod 716 /etc/ssl/private
Then, I modified the ownership of ssl-cert-snakeoil.key
sudo chown postgres:postgres /etc/ssl/private/ssl-cert-snakeoil.key
This worked for me, basically a combination of the answers by #devops and #Noushad

Mongodb on Mavericks

I just updated to Mavericks and trying to get all my required tools and software in place.
My mongodb is not working after installing mongodb through brew.
I did: brew install mongodb --devel
Then, I ran mongod& on terminal. This gives me:
ERROR: dbpath (/data/db) does not exist.
Create this directory or give existing directory in --dbpath.
I tried creating a directory: mkdir -p /data/db and I got permission denied as the error.
I am referring to this website "http://docs.mongodb.org/manual/tutorial/install-mongodb-on-os-x/" and installing Mongo using Homebrew.
Has anyone faced this issue before? Where do I actually find /data/db directory to give permissions to it? I tried ls -la in my home folder, but couldn't find this directory.
Please ignore. Here is what helped me to solve the problem:
$ sudo mkdir -p /data/db/
$ sudo chown `id -u` /data/db