mongodb runs as root user
Bug #1208430 reported by James Page
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
juju-core | Won't Fix | Medium | Unassigned |
juju-core (Ubuntu) | Triaged | High | Unassigned |
Bug Description
I noticed that the mongodb instance that juju creates runs as root; this is not great from a privilege escalation point of view - if the database is compromised by some sort of zero-day exploit in the future, then access to the database might mean root access to the server it's running on.
description: updated
Changed in juju-core (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Changed in juju-core:
status: New → Triaged
importance: Undecided → High
tags: added: mongodb
Changed in juju-core (Ubuntu):
importance: Medium → High
Changed in juju-core:
milestone: none → 1.18.0
Changed in juju-core:
importance: High → Critical
Changed in juju-core:
milestone: 1.19.0 → none
assignee: Nate Finch (natefinch) → nobody
Changed in juju-core:
importance: High → Medium
Note that once we avoid direct access to the state db from agents and clients, we will have the mongo port blocked off by the cloud firewall, which does limit the effectiveness of this.
We also run jujud itself as root, but generally we have to because we do things like creating LXC containers and installing packages on the machine.
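A check an operator could run for the condition reported in this bug, covering both mongod and the jujud agent mentioned in the comment above. This is an added example, not part of the bug report or of juju's code; the function names, the watch list and the sample process lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag watched daemons whose effective UID is 0.
# Input format (one process per line): PID EUID USER COMMAND,
# which is what `ps -eo pid=,euid=,user=,comm=` prints on Linux (procps).

# Daemon names to watch (assumption: the two processes named on this page).
WATCHED="mongod jujud"

# flag_root_daemons: read "PID EUID USER COMM" lines on stdin and print one
# "name pid=N user=U" line per watched process running with EUID 0.
# Exit status is 1 if anything was flagged, 0 otherwise.
flag_root_daemons() {
    awk -v watched="$WATCHED" '
        BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        # Skip malformed lines rather than misreport them.
        NF < 4 || $2 !~ /^[0-9]+$/ { next }
        # The effective UID decides what a compromised process can do,
        # so compare the numeric EUID rather than the user name.
        ($4 in want) && $2 == 0 {
            printf "%s pid=%s user=%s\n", $4, $1, $3
            hits++
        }
        END { exit (hits > 0 ? 1 : 0) }
    '
}

# Constructed sample input (not captured from a real machine): one mongod
# running as root, one running as a dedicated service account.
sample_ps() {
    cat <<'EOF'
  812     0 root     jujud
  945     0 root     mongod
 1033   112 mongodb  mongod
 1100     0 root     sshd
 1201  1000 ubuntu   bash
EOF
}

# Demo on the sample; on a live Linux host use instead:
#   ps -eo pid=,euid=,user=,comm= | flag_root_daemons
sample_ps | flag_root_daemons || echo "watched daemons running as root found"
```

Only the jujud and root-owned mongod lines are reported; the mongod running under the `mongodb` account and unrelated root processes such as sshd are ignored.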