I am a bit confused on MongoDB documentation.(MongoDB on LINUX)
I am using a unit file customized for my purpose (not using built in mongod.service).
But when it comes to specifying processManagement.pidFilePath either in mongod.conf or in the unit file related to mongodb service(I want to start mongodb using systemd ) or in both.
What is the significance of pidfile.
Is it necessary/mandatory/compulsory to use it.
This option is generally only useful in combination with the
processManagement.fork
setting.
Linux
On Linux, PID file management is generally the responsibility of your distro's init system: usually a service file in the /etc/init.d directory, or a systemd unit file registered with systemctl. Only use the
processManagement.pidFilePath
option if you are not using one of these init systems.
WARNING
If you upgrade an existing instance of MongoDB to MongoDB 4.4.19, that instance may fail to start if fork: true is set in the mongod.conf file.
The upgrade issue affects all MongoDB instances that use .deb or .rpm installation packages. Installations that use the tarball (.tgz) release or other package types are not affected. For more information, see
SERVER-74345.
To remove the fork: true setting, run these commands from a system terminal:
systemctl stop mongod.service
sed -i.bak '/fork: true/d' /etc/mongod.conf
systemctl start mongod.service
The second systemctl command starts the upgraded instance after the setting is removed.
In short, you’ll generally need it if you’re forking the mongod process using the mongod --fork option. If you don’t, then you can ignore this setting, as far as I know.
If you need help with setting up the mongod server using systemd, there’s a Gist with configuration example provided by a community member that may be useful for you.
If this doesn’t work for you, could you please provide more details on what you’re trying to achieve, your MongoDB version, and what you have tried but haven’t been working so far?
I am testing replica set migration from Windows to Ubuntu.
I really want to know the need of pid file specification either in unit file or mongod.conf or both.
But as you said :
In short, you’ll generally need it if you’re forking the mongod process using the mongod --fork option. If you don’t, then you can ignore this setting, as far as I know.
I need this confirmation to move forward with my migration. Now I can avoid PID file specification.
Thanks for the help.
One last question is :
On Linux when we install MongoDB using the default method specified in documentation. MongoDB on Ubuntu
It creates ‘mongodb’ user and required DIR structure.
But the user ‘mongodb’ does not have a login or shell. Of course, Start , stop , status check , disable and enable of service is taken care by systemd.
root@ubuntu-002:~# su mongodb
This account is currently not available.
root@ubuntu-002:~#
root@ubuntu-002:~# cat /etc/passwd|grep mongodb
***mongodb:x:113:65534::/home/mongodb:/usr/sbin/nologin***
root@ubuntu-002:~#
root@ubuntu-002:~#
But if we want to login/connect to MongoDB using ‘mongo’ or ‘mongosh’ on local server where mongod is running to insert some documents, do we need to have ‘sudo’ privilege to ‘mongodb’ OS user or we need to use some other OS user with sudo privilege . Could you please let me know.
Incase if we need to use some other OS user from which we connect to MongoDB on local server , does it not pose a risk or cause problem.
If we are connecting to MongoDB using a OS user other than ‘mongodb’ then why the shell or login is disabled for ‘mongodb’ OS user. It could have been ‘mongodb’ too rather than some other OS user.
But read and write permissions on MongoDB data folder are with ‘mongodb’ OS user. Then
how can we use any other OS user on the local server to connect to MongoDB.
-rw------- 1 mongodb mongodb 21 Mar 14 16:02 WiredTiger.lock
-rw------- 1 mongodb mongodb 50 Mar 14 16:02 WiredTiger
-rw------- 1 mongodb mongodb 4096 Mar 14 16:02 WiredTigerHS.wt
drwx------ 2 mongodb mongodb 4096 Mar 14 16:02 journal
-rw------- 1 mongodb mongodb 114 Mar 14 16:02 storage.bson
-rw------- 1 mongodb mongodb 6 Mar 14 16:02 mongod.lock
drwx------ 2 mongodb mongodb 4096 Mar 14 16:02 admin
drwx------ 2 mongodb mongodb 4096 Mar 14 16:02 local
drwx------ 2 mongodb mongodb 4096 Mar 14 16:02 config
-rw------- 1 mongodb mongodb 20480 Mar 14 16:03 _mdb_catalog.wt
-rw------- 1 mongodb mongodb 20480 Mar 14 16:04 sizeStorer.wt
-rw------- 1 mongodb mongodb 69632 Mar 14 16:05 WiredTiger.wt
-rw------- 1 mongodb mongodb 1466 Mar 14 16:05 WiredTiger.turtle
drwx------ 2 mongodb mongodb 4096 Mar 14 16:06 diagnostic.data
ubuntu@ubuntu-002:~$ mongo
MongoDB shell version v4.4.13
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
You should not need to use sudo for things other than general server maintenance. In terms of connecting to MongoDB and securing it, you might want to have a look at Enable Access Control and the Security Checklist. The mongodb user and group are created for a specific reason, which is answered in your next question:
In short, that setup follows best practice for UNIX server/daemon software with regard to OS security. MongoDB security should be setup separately, and that involves setting up users and privileges in the database itself. This is the practice of other database servers installed in UNIX, not just MongoDB.