mongoDB因root启动关闭数据库导致mongo普通用户无法启动

  最近，使用mongoDB数据库时，偶然使用了root启停数据库，导致后来mongo用户无法启动数据库，报权限拒绝，但是root可以正常启停mongoDB数据库。

  使用ROOT启动数据库

[root@mongo data]# mongod --dbpath=$MONGO_DATA --logpath=$MONGO_LOGS/mongodb.log --logappend&

[1] 3526

  查看mongoDB进程状态

[root@mongo data]# ps -ef|grep mongo

root      3526 46565 17 18:32 pts/2    00:00:01 mongod --dbpath=/opt/mongo/data --logpath=/opt/mongo/logs/mongodb.log --logappend

root      3546 46565  0 18:32 pts/2    00:00:00 grep mongo

root     46639 46622  0 Jun26 pts/5    00:00:00 su - mongo

mongo    46640 46639  0 Jun26 pts/5    00:00:00 –bash
 操作mongoDB数据库

[root@mongo data]# mongo

MongoDB shell version: 3.2.7

connecting to: test

Server has startup warnings:

2016-06-27T18:32:12.881-0700 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.

2016-06-27T18:32:12.881-0700 I CONTROL  [initandlisten]

> use zhul

switched to db zhul

> db.zhul.insert({"username":"test","id":123456});

WriteResult({ "nInserted" : 1 })

> db.zhul.findOne({"username":"test"});

{

         "_id" : ObjectId("5771d3d3a3eb04b5a2150f87"),

         "username" : "test",

         "id" : 123456

}

> exit

bye

[root@mongo data]#
 ROOT用户关闭mongoDB数据库

[root@mongo data]# mongo

MongoDB shell version: 3.2.7

connecting to: test

Server has startup warnings:

2016-06-27T18:32:12.881-0700 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.

2016-06-27T18:32:12.881-0700 I CONTROL  [initandlisten]

> use admin

switched to db admin

> db.shutdownServer();

server should be down...

2016-06-27T18:40:31.458-0700 I NETWORK  [thread1] trying reconnect to 127.0.0.1:27017 (127.0.0.1) failed

2016-06-27T18:40:31.459-0700 W NETWORK  [thread1] Failed to connect to 127.0.0.1:27017, reason: errno:111 Connection refused

2016-06-27T18:40:31.459-0700 I NETWORK  [thread1] reconnect 127.0.0.1:27017 (127.0.0.1) failed failed

> 

  切换至mongo用户启动数据库，发现启动后，进程立即退出

[mongo@mongo logs]$ mongod --dbpath=$MONGO_DATA --logpath=/opt/mongo/logs/mongodb.log  --logappend&

[1] 3725

[mongo@mongo logs]$

[1]+  Exit 100                mongod --dbpath=$MONGO_DATA --logpath=/opt/mongo/logs/mongodb.log --logappend

[mongo@mongo logs]$

  查看mogodb.log，提示权限拒绝

2016-06-27T18:41:32.979-0700 I CONTROL  [initandlisten]     distarch: x86_64

2016-06-27T18:41:32.979-0700 I CONTROL  [initandlisten]     target_arch: x86_64

2016-06-27T18:41:32.979-0700 I CONTROL  [initandlisten] options: { storage: { dbPath: "/opt/mongo/data" }, systemLog: { destination: "file", logAppend: true, path: "/opt/mongo/logs/mongodb.log" } }

2016-06-27T18:41:32.999-0700 I -        [initandlisten] Detected data files in /opt/mongo/data created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.

2016-06-27T18:41:32.999-0700 I STORAGE  [initandlisten] wiredtiger_open config: create,cache_size=1G,session_max=20000,eviction=(threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),

2016-06-27T18:41:33.024-0700 E STORAGE  [initandlisten] WiredTiger (13) [1467078093:24444][3725:0x7fe458275c80], txn-recover: /opt/mongo/data/journal/WiredTigerLog.0000000021: handle-open: open: Permission denied

2016-06-27T18:41:33.024-0700 E STORAGE  [initandlisten] WiredTiger (13) [1467078093:24486][3725:0x7fe458275c80], txn-recover: Recovery failed: Permission denied

2016-06-27T18:41:33.033-0700 I -        [initandlisten] Assertion: 28595:13: Permission denied

2016-06-27T18:41:33.033-0700 I STORAGE  [initandlisten] exception in initAndListen: 28595 13: Permission denied, terminating

2016-06-27T18:41:33.033-0700 I CONTROL  [initandlisten] dbexit:  rc: 100

  网上有人说，启动数据库，需要恢复时会在tmp目录下生成一个mongodb-27017.sock文件，删除重新启动即可，但是事实证明不是这个文件导致的。

  Tmp目录下确实生成了.sock文件

[root@mongo tmp]# ls -l mongodb-27017.sock

srwx------. 1 mongo mongo 0 Jun 27 18:41 mongodb-27017.sock

[root@mongo tmp]#

  ROOT删除之

[root@mongo tmp]# rm -rf mongodb-27017.sock

[root@mongo tmp]#

  再次使用mongo用户启动mongoDB，发现问题依旧

[mongo@mongo logs]$ mongod --dbpath=$MONGO_DATA --logpath=/opt/mongo/logs/mongodb.log  --logappend&

[1] 3835

[mongo@mongo logs]$

[1]+  Exit 100                mongod --dbpath=$MONGO_DATA --logpath=/opt/mongo/logs/mongodb.log --logappend

[mongo@mongo logs]$

  根据日志报错提示WiredTiger权限拒绝，是不是有关wiredtiger文件权限问题，查看/opt/mongo/data、/opt/mongo/data/ journal文件下文件，发现确实有文件权限被改成了root:

[root@mongo data]# ls -l Wired*

-rw-rw-r--. 1 mongo mongo    46 Jun 11 01:31 WiredTiger

-rw-r--r--. 1 root  root   4096 Jun 27 18:40 WiredTigerLAS.wt

-rw-rw-r--. 1 mongo mongo    21 Jun 11 01:31 WiredTiger.lock

-rw-r--r--. 1 root  root    927 Jun 27 18:40 WiredTiger.turtle

-rw-rw-r--. 1 mongo mongo 94208 Jun 27 18:48 WiredTiger.wt

  修改权限：

[root@mongo data]# chown mongo:mongo WiredTigerLAS.wt

[root@mongo data]# chown mongo:mongo WiredTiger.turtle

[root@mongo data]# chmod 664 WiredTigerLAS.wt

[root@mongo data]# chmod 664 WiredTiger.turtle

[root@mongo data]# ls -l Wired*

-rw-rw-r--. 1 mongo mongo    46 Jun 11 01:31 WiredTiger

-rw-rw-r--. 1 mongo mongo  4096 Jun 27 18:40 WiredTigerLAS.wt

-rw-rw-r--. 1 mongo mongo    21 Jun 11 01:31 WiredTiger.lock

-rw-rw-r--. 1 mongo mongo   927 Jun 27 18:40 WiredTiger.turtle

-rw-rw-r--. 1 mongo mongo 94208 Jun 27 18:54 WiredTiger.wt

[root@mongo journal]# ls -l

total 409624

-rw-r--r--. 1 root  root       6912 Jun 27 18:40 WiredTigerLog.0000000021

-rw-rw-r--. 1 mongo mongo 104857728 Jun 27 18:41 WiredTigerLog.0000000022

-rw-rw-r--. 1 mongo mongo 104857728 Jun 27 18:48 WiredTigerLog.0000000023

-rw-rw-r--. 1 mongo mongo 104857728 Jun 27 18:54 WiredTigerLog.0000000024

-rw-rw-r--. 1 mongo mongo 104857728 Jun 27 18:55 WiredTigerLog.0000000025

[root@mongo journal]# chown mongo:mongo WiredTigerLog.0000000021

[root@mongo journal]# chmod 664 WiredTigerLog.0000000021

[root@mongo journal]# ls -l

total 409624

-rw-rw-r--. 1 mongo mongo      6912 Jun 27 18:40 WiredTigerLog.0000000021

-rw-rw-r--. 1 mongo mongo 104857728 Jun 27 18:41 WiredTigerLog.0000000022

-rw-rw-r--. 1 mongo mongo 104857728 Jun 27 18:48 WiredTigerLog.0000000023

-rw-rw-r--. 1 mongo mongo 104857728 Jun 27 18:54 WiredTigerLog.0000000024

-rw-rw-r--. 1 mongo mongo 104857728 Jun 27 18:55 WiredTigerLog.0000000025

[root@mongo journal]#

  再次使用mongo用户启动数据库，成功！

[mongo@mongo logs]$ mongod --dbpath=$MONGO_DATA --logpath=/opt/mongo/logs/mongodb.log  --logappend&

[1] 4073

[mongo@mongo logs]$

[mongo@mongo logs]$

[mongo@mongo logs]$

[mongo@mongo logs]$

[mongo@mongo logs]$

[mongo@mongo logs]$ tail -20 mongodb.log

2016-06-27T18:59:51.233-0700 I CONTROL  [main] ***** SERVER RESTARTED *****

2016-06-27T18:59:51.241-0700 I CONTROL  [initandlisten] MongoDB starting : pid=4073 port=27017 dbpath=/opt/mongo/data 64-bit host=mongo

2016-06-27T18:59:51.241-0700 I CONTROL  [initandlisten] db version v3.2.7

2016-06-27T18:59:51.241-0700 I CONTROL  [initandlisten] git version: 4249c1d2b5999ebbf1fdf3bc0e0e3b3ff5c0aaf2

2016-06-27T18:59:51.241-0700 I CONTROL  [initandlisten] allocator: tcmalloc

2016-06-27T18:59:51.241-0700 I CONTROL  [initandlisten] modules: none

2016-06-27T18:59:51.241-0700 I CONTROL  [initandlisten] build environment:

2016-06-27T18:59:51.241-0700 I CONTROL  [initandlisten]     distarch: x86_64

2016-06-27T18:59:51.241-0700 I CONTROL  [initandlisten]     target_arch: x86_64

2016-06-27T18:59:51.241-0700 I CONTROL  [initandlisten] options: { storage: { dbPath: "/opt/mongo/data" }, systemLog: { destination: "file", logAppend: true, path: "/opt/mongo/logs/mongodb.log" } }

2016-06-27T18:59:51.260-0700 I -        [initandlisten] Detected data files in /opt/mongo/data created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.

2016-06-27T18:59:51.261-0700 I STORAGE  [initandlisten] wiredtiger_open config: create,cache_size=1G,session_max=20000,eviction=(threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),

2016-06-27T18:59:53.198-0700 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/opt/mongo/data/diagnostic.data'

2016-06-27T18:59:53.199-0700 I NETWORK  [initandlisten] waiting for connections on port 27017

2016-06-27T18:59:53.199-0700 I NETWORK  [HostnameCanonicalizationWorker] Starting hostname canonicalization worker

[mongo@mongo logs]$ ps -ef|grep mongo

mongo     4073 46640  6 18:59 pts/5    00:00:02 mongod --dbpath=/opt/mongo/data --logpath=/opt/mongo/logs/mongodb.log --logappend

mongo     4105 46640  0 19:00 pts/5    00:00:00 ps -ef

mongo     4106 46640  0 19:00 pts/5    00:00:00 grep mongo

root     46639 46622  0 Jun26 pts/5    00:00:00 su - mongo

mongo    46640 46639  0 Jun26 pts/5    00:00:00 -bash

[mongo@mongo logs]$ mongo

MongoDB shell version: 3.2.7

connecting to: test

> 
 问题成功解决！