Setup & Run MongoDB on non-default filesystem and with non root user in Linux
When you use rpm installer for installing MongoDB on the Linux the mongod user will be created on the system and all the appropriate files are created and owned by mongod user. When starting mongod installed by the rpm files, it should be run by either root or using sudor.
Question here is how to change the mongod process to non-root or non-default user
Create user account [non-root/non-default]
First let’s create an own user / group
$> sudo adduser sysmongo
$> sudo passwd sysmongo
I don’t want to keep mongodb binaries on default instead I prefer to keep on my own filesystem/mount point based on my internal audit compliance
$> mkdir mongodb
$> mkdir -p mongodb/{binaries,data,log,pid}
So Iam going to keep all my mongodb related binaries/data/log/pid
Into these directories
/mongodb/binaries - binary files
/mongodb/data - data files + journal
/mongodb/log - mongo logs + audit logs
/mongodb/pid - pid file
Specifies a file location to store the process ID (PID) of the mongos or mongod process . The user running the mongod or mongos process must be able to write to this path. If the processManagement.pidFilePath option is not specified, the process does not create a PID file. This option is generally only useful in combination with the processManagement.fork setting.
LINUX
On Linux, PID file management is generally the responsibility of your distro’s init system: usually a service file in the /etc/init.d directory, or a systemd unit file registered with systemctl. Only use the processManagement.pidFilePath option if you are not using one of these init systems. For more information, please see the respective Installation Guide for your operating system.
Tips:-
mkdir -p mongodb/{binaries,data,log,pid}
This will help to create multiple directory under parent directory on single command
Change User Permission
$> chown sysmongo:sysmongo mongodb
$> chown -R sysmongo:sysmongo mongodb/
Download MongoDB
Let’s download the mongodb from download center you can download and copy the files or wget/curl
[https://www.mongodb.com/download-center/enterprise]
curl -OL https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-4.2.0.tgz
wget -OL https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-4.2.0.tgz
Uncompressing tar.gz file
$> tar xvzf mongodb-linux-x86_64-rhel70-4.2.0.tgz -C /mongodb/binaries
Tips:-
Where the -C argument is used to specify the path to place the file. By defaults files will be extracted into the current directory. To change the directory, we use -C option.
Create config File
$> vi /mongodb/pid/mongod.conf
# where to write logging data.
systemLog:
destination: file
logAppend: true
logRotate: reopen
path: /mongodb/log/mongod.log
# Where and how to store data.
storage:
dbPath: /mongodb/data
journal:
enabled: true
processManagement:
#fork: true # fork and run in background
pidFilePath: /mongodb/log/mongod.pid # location of pidfile
timeZoneInfo: /usr/share/zoneinfo
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1,<ipaddress> # Enter 0.0.0.0,:: to bind to all IPv4
Ensure the binaries are in a directory listed in your PATH environment variable
$> vi ~/.bash_profile
PATH=$PATH:$HOME/bin:/mongodb/binaries/mongodb-linux-x86_64-rhel70-4.2.0/bin
export PATH
# save and Close then source it
$>source ~/.bash_profile
Create systemctl service for mongod
$> vi /etc/systemd/system/mongod.service
[Unit]
Description=mongod service
[Service]
User= sysmongo
Group= sysmongo
ExecStart=/mongodb/binaries/mongodb-linux-x86_64-rhel70-4.2.0/bin/mongod --config /mongodb/pid/mongod.conf
[Install]
WantedBy=multi-user.target
# save and enable service and start the service
$>systemctl enable mongod
$>systemctl start mongod
$>systemctl status mongod
mongod.service - mongod service
Loaded: loaded (/etc/systemd/system/mongod.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2019-10-15 05:43:28 UTC; 3h 14min ago
Main PID: 12133 (mongod)
CGroup: /system.slice/mongod.service
└─12133 /mongodb/binaries/mongodb-linux-x86_64-rhel70-4.2.0/bin/mongod --config /mongodb/pid/mongod.conf
Oct 15 05:43:28 mongotest1 systemd[1]: Started mongod service.
$> mongo --eval 'db.runCommand({connectionStatus:1})'
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("623f736a-f1aa-473d-b1be-6b50faf81c1e") }
MongoDB server version: 4.2.0
{
"authInfo" : {
"authenticatedUsers" : [ ],
"authenticatedUserRoles" : [ ]
},
"ok" : 1
}