mongodb & /data/db directory permissions

Question

I'm trying to run mongod with its defaults so it's using the /data/db directory. I changed the owner of the data directory

sudo chown mongodb:mongodb /data -R

Like so many others i got the following error when first running mongod.:

2017-04-11T12:32:25.932-0500 I STORAGE  [initandlisten] exception in initAndListen: 28596 Unable to determine status of lock file in the data directory /data/db: boost::filesystem::status: Permission denied: "/data/db/mongod.lock", terminating

Which makes sense but what doesn't make sense is the only way i can actually run it mongod is if i:

chmod 777 /data -R

If i

   chmod 666 /data -R

i get the same error. Since this is supposed to be the data directory why does it require execute permission.

i added my user to the mongodb group

sudo usermod -g mongodb myuser

and then i tried

chmod 770 /data -R

and its still failing even through i'm a member of the mongodb group.

Why am i messing with all this? Because i want to secure the data directory appropriately and don't want to have to run with 777 security.

So the questions are:

1. Why is execute permission required
2. Why am i unable to run it when i was a member of the mongodb group?

Answer 1

Directories need to have execute permission, but the files within the directories do not need execute permission. Also, as noted by @franklinsijo, -R should be the first parameter to chmod.

To fix things I would do the following:

$ sudo chmod -R 770 /data
$ sudo find /data -type f -exec chmod 660 {} \;

This will first give everything under /data execute permission, and then return all the normal files to having only read and write, but not execute.