Details
This setting ensures that the mongod service runs as a least-privilege user.
Rationale:
Anyone who has been a victim of viruses, worms, and other malicious software (malware) will appreciate the security principle of least privilege. If all processes ran with the smallest set of privileges needed to perform the user’s tasks, it would be more difficult for malicious and annoying software to infect a machine and propagate to other machines.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Create a user that is used only for running MongoDB and directly related processes. This user must not have administrative rights to the system.
Steps to create the user:
useradd -m -d /home/mongodb -s /bin/bash -g mongodb -u 1234 mongodb
Then set ownership to the mongodb user only:
sudo chown -R mongodb:mongodb /data/db
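One way to verify the result of the steps above, as an added example that is not part of the benchmark or of Nessus: the script below reads process-owner lines and reports whether mongod runs under a non-administrative account. The function names, the choice of sudo, wheel and admin as the administrative groups, and the sample accounts in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the benchmark): check which account owns mongod.
# Assumption: sudo, wheel and admin are the groups that grant admin rights.

# stdin: "USER COMMAND" lines, e.g. from: ps -eo user= -o comm=
mongod_owners() {
    awk '$2 == "mongod" { print $1 }' | sort -u
}

# is_privileged USER PASSWD_FILE GROUP_FILE -> exit 0 if the account is privileged
is_privileged() {
    ids=$(awk -F: -v u="$1" '$1 == u { print $3 ":" $4 }' "$2")
    [ -n "$ids" ] || return 0              # unknown account: fail closed
    [ "${ids%%:*}" -ne 0 ] || return 0     # UID 0 is root-equivalent
    # Privileged if an admin group is the primary group or lists the user.
    awk -F: -v u="$1" -v gid="${ids#*:}" '
        $1 == "sudo" || $1 == "wheel" || $1 == "admin" {
            if ($3 == gid) hit = 1
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) hit = 1
        }
        END { exit(hit ? 0 : 1) }' "$3"
}

# audit_mongod PASSWD_FILE GROUP_FILE (ps output on stdin) -> exit 0 only on pass
audit_mongod() {
    owners=$(mongod_owners)
    [ -n "$owners" ] || { echo "FAIL: no mongod process found"; return 1; }
    rc=0
    for o in $owners; do
        if is_privileged "$o" "$1" "$2"; then
            echo "FAIL: mongod runs as privileged account '$o'"; rc=1
        else
            echo "PASS: mongod runs as '$o'"
        fi
    done
    return $rc
}

# Constructed sample data (not real accounts), used when run with "demo".
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'mongodb:x:1234:1234::/home/mongodb:/bin/bash' > "$d/passwd"
    printf '%s\n' 'sudo:x:27:alice' 'mongodb:x:1234:' > "$d/group"
    printf '%s\n' 'root sshd' 'mongodb mongod' | audit_mongod "$d/passwd" "$d/group"
    rm -rf "$d"
fi
```

On a live host the functions can be fed with `ps -eo user= -o comm= | audit_mongod /etc/passwd /etc/group`; accounts that are not defined in the local files are reported as failures.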
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Unix.