Permissions Issue When Upgrading MongoDB with Custom dbPath or logPath

mongodb permissions issueIn Linux distributions, installing MongoDB for the first time using rpm/dpkg will create a conf file, dbPath, logPath and the init scripts on default paths. This includes the creation of a mongod user/group and provides mongod permissions to both the default dbPath (/var/lib/mongo) and logPath (/var/log/mongodb/mongod.log). Then you edit the settings in the config file at /etc/mongod.conf for custom settings like dbPath in different locations and start mongod service as you need.

But this is a little different when you are doing an upgrade or changing between Percona Server for MongoDB (PSMDB) and upstream MongoDB as they include the removal of the existing package and install of the new version. This article explains the problem in some cases with restored user mongod permissions when you are using custom dbPath or logPath locations when reinstalling the packages, and how to overcome it.

Behavior When Upgrading MongoDB Package

We know that uninstalling the MongoDB package would remove the related packages. But especially when you are uninstalling PSMDB, the user mongod is also dropped along with the packages which cause the existing directories to lose permissions and it is left with the uid/gid of the dropped mongod user/group as shown below.

Before Uninstall:

Now remove the MongoDB Package:

After removing the packages, check the user permissions for the mongodb files. They are now assigned with 996:993 which was uid:gid of the dropped mongod user/group:

And when you are reinstalling the PSMDB or upstream MongoDB packages, it would install the packages and create the default directories and mongod user again if not available:

Now check the permissions of the db files on default dbpath:

Default Behavior of MongoDB Installation

If we look into the source code, the installation of the MongoDB package through rpm or through yum/apt-get repository creates the mongod user/group as system user/group as mentioned with SYS_UID_MIN/SYS_UID_MAX and SYS_GID_MIN/SYS_GID_MAX variables (for CentOS, the variables could be found in /etc/login.defs file). The MongoDB code related to it is shown below:

After that, the MongoDB-related directories and files are created and given with the mongod user permissions, as mentioned in the below code snippet, to the default ones. This applies to both PSMDB and upstream MongoDB installations.

Upstream MongoDB Code:

https://github.com/mongodb/mongo/blob/master/rpm/mongodb-org.spec

PSMDB Code:

https://github.com/percona/percona-server-mongodb/blob/master/percona-packaging/redhat/percona-server-mongodb.spec.template