So, yes, this is something that should be fixed, however, if you have access to the database, you can just add data to it to tell Juju to spin up a unit on the bootstrap node that runs as root and you can then do whatever you want with it. So, while it would be better for appearances' sake to not have mongodb running as root, it doesn't actually close any security holes to a determined attacker. In addition, it's a non-trivial change, since it means we have to create a new user to run mongo as, and in theory upgrade old environments to fix them as well. My suggestion is that we leave it as high and deal with it later.
-- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju-core in Ubuntu. https://bugs.launchpad.net/bugs/1208430 Title: mongodb runs as root user To manage notifications about this bug go to: https://bugs.launchpad.net/juju-core/+bug/1208430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
