[Bug 1208430] Re: mongodb runs as root user
** Changed in: juju-core
   Importance: High => Medium

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju-core in Ubuntu.
https://bugs.launchpad.net/bugs/1208430

Title:
  mongodb runs as root user

To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-core/+bug/1208430/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1208430] Re: mongodb runs as root user
Critical is a stop the line type bug. No one is being assigned to it right now, so it isn't Critical.

** Changed in: juju-core
   Importance: Critical => High
[Bug 1208430] Re: mongodb runs as root user
So, yes, this is something that should be fixed, however, if you have access to the database, you can just add data to it to tell Juju to spin up a unit on the bootstrap node that runs as root and you can then do whatever you want with it. So, while it would be better for appearances' sake to not have mongodb running as root, it doesn't actually close any security holes to a determined attacker. In addition, it's a non-trivial change, since it means we have to create a new user to run mongo as, and in theory upgrade old environments to fix them as well. My suggestion is that we leave it as high and deal with it later.
[Bug 1208430] Re: mongodb runs as root user
** Changed in: juju-core
   Importance: High => Critical
[Bug 1208430] Re: mongodb runs as root user
** Changed in: juju-core
   Milestone: 1.19.0 => None

** Changed in: juju-core
   Assignee: Nate Finch (natefinch) => (unassigned)
[Bug 1208430] Re: mongodb runs as root user
Reducing the security implications of running MongoDB is an important thing for us to do. It's not quite critical, because nobody is asking for it directly now, and the risk is still somewhat limited. But there is a risk, and I think the general policy of treating even security -- even relatively lower risk stuff -- as important is a good habit of mind for us. We are going to be at the center of a lot of important developments. On the other hand once you can control the MongoDB server, your opportunities for privilege escalation on hosts in that environment are probably greater in other directions.
[Bug 1208430] Re: mongodb runs as root user
** Changed in: juju-core
   Milestone: None => 1.18.0
[Bug 1208430] Re: mongodb runs as root user
Nate, I think this is *very* closely related to what you're working on right now -- would you roll this into your pipeline please?

** Changed in: juju-core
   Assignee: (unassigned) => Nate Finch (natefinch)
[Bug 1208430] Re: mongodb runs as root user
** Changed in: juju-core (Ubuntu)
   Importance: Medium => High
[Bug 1208430] Re: mongodb runs as root user
** Changed in: juju-core
   Status: New => Triaged

** Changed in: juju-core
   Importance: Undecided => High

** Tags added: mongodb
[Bug 1208430] Re: mongodb runs as root user
Note that once we avoid direct access to the state db from agents and clients, we will have the mongo port blocked off by the cloud firewall. Which does limit the effectiveness of this. We also run jujud itself as root, but generally we have to because we do things like creating LXC containers and installing packages on the machine.