6.1 Mongodb Database Running with Least Privileges

Information

This setting ensures that the mongod service runs as a least-privilege user.

Rationale:

Anyone who has been a victim of viruses, worms, and other malicious software (malware) will appreciate the security principle of least privilege. If all processes ran with the smallest set of privileges needed to perform the user's tasks, it would be more difficult for malicious and annoying software to infect a machine and propagate to other machines.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Create a user that is used only for running MongoDB and directly related processes. This user must not have administrative rights to the system. Steps to create the user:

useradd -m -d /home/mongodb -s /bin/bash -g mongodb -u 1234 mongodb

Then set ownership of the data directory to the mongodb user only:

sudo chown -R mongodb:mongodb /data/db
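
One way to verify the result, as an added example that is not part of the CIS benchmark or the Nessus audit: shell functions that check that mongod does not run as root, that the service account is in no administrative group, and that the data directory is owned only by that account. The admin group list is an assumption, the account name and path are the ones used on this page, and the sample process lists are constructed.

```shell
#!/bin/sh
# Added audit sketch for this control; not part of the CIS benchmark text.
# Assumes the account name "mongodb" and data path /data/db used on this page.

# Reads "USER COMMAND" lines (format of: ps -eo user=,comm=) on stdin.
# Returns 0 if every mongod runs unprivileged, 1 if any runs as root,
# 2 if no mongod process is present.
check_proc_users() {
    awk '$2 == "mongod" { seen = 1; if ($1 == "root" || $1 == "0") bad = 1 }
         END { if (!seen) exit 2; exit bad + 0 }'
}

# $1 = group list from: id -Gn mongodb
# Returns 1 if the account is in a group that conventionally grants admin
# rights (assumed list, adjust per distribution).
check_groups() {
    for g in $1; do
        case "$g" in
            root|sudo|wheel|admin) return 1 ;;
        esac
    done
    return 0
}

# $1 = directory, $2 = expected owner (name or numeric uid).
# Returns 1 if the directory is missing or anything in it has another owner.
check_owner() {
    [ -d "$1" ] && [ -z "$(find "$1" ! -user "$2" 2>/dev/null | head -n 1)" ]
}

# Live audit of the current host; call as: audit_host mongodb /data/db
audit_host() {
    id "$1" >/dev/null 2>&1 || { echo "FAIL: no account $1"; return 1; }
    rc=0
    ps -eo user=,comm= | check_proc_users || { echo "FAIL: mongod process owner"; rc=1; }
    check_groups "$(id -Gn "$1")" || { echo "FAIL: $1 is in an admin group"; rc=1; }
    check_owner "$2" "$1" || { echo "FAIL: $2 not owned solely by $1"; rc=1; }
    return $rc
}

# Constructed sample input: one compliant and one non-compliant process list.
GOOD_PS='mongodb mongod
root sshd'
BAD_PS='root mongod
root sshd'
```

Source the file and run audit_host mongodb /data/db on the target; each failed condition prints a FAIL line and the function returns non-zero.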

See Also

https://workbench.cisecurity.org/files/1725