Permission denied running openssl in preparation for creating replica set

“permission denied” response when

    sudo openssl rand -base64 741 > /var/mongodb/pki/m103-keyfile

when preparing for setting up a replica set.

I installed

    vagrant plugin install vagrant-vbguest

and quit with vagrant halt and rebooted.
Still same result with or without sudo.
Is m103-keyfile a directory or file? I tried touching a file of that name in case that was the problem, but got same message: permission denied.
Any advice?

Hi
Are you sure that you reopened a session to the virtual machine using vagrant ssh after reboot and before trying the sudo, and that you are not trying to run sudo on your host rather than inside the VM?

I have a confusing requirement to cd up two levels after vagrant ssh if I am to access shared folders and the diagnostic files etc. I actually lose the tilde in the command prompt. I don’t know if this means anything. I’m also aware that I didn’t install the ming-get-setup.exe on the last reinstall, which I’ve redone several times over trying to get to grips with the virtual machine environment. I actually start up vagrant from my Cygwin directory now, because PowerShell and the cmd line were doing weird things for me. The Cygwin terminal is great.
Here’s my attempt to apply the openssl.

    Last login: Mon Dec 10 09:10:47 2018 from 10.0.2.2
    vagrant@m103:~$ cd ../../
    vagrant@m103:/$ ls
    bin dataset home lib64 mnt project sbin tmp var
    boot dev initrd.img lost+found opt root srv usr vmlinuz
    data etc lib media proc run sys vagrant
    vagrant@m103:/$ ls var
    backups chef lib lock m103 mongodb run tmp
    cache crash local log mail opt spool
    vagrant@m103:/$ ls var/mongodb
    db pki
    vagrant@m103:/$ openssl rand -base64 741 > /var/mongodb/pki/m103-keyfile
    -bash: /var/mongodb/pki/m103-keyfile: Permission denied

Hi Brian_18814,

Use sudo while making changes to file under /var/mongodb directory.

  • In Lab, it is mentioned to change directory permissions before creating keyfile.

    vagrant@m103:~$ sudo mkdir -p /var/mongodb/pki
    vagrant@m103:~$ sudo chown vagrant:vagrant -R /var/mongodb
    
  • Then create the keyfile and change permission for the file.

    vagrant@m103:~$ openssl rand -base64 741 > /var/mongodb/pki/m103-keyfile
    vagrant@m103:~$ chmod 600 /var/mongodb/pki/m103-keyfile
    

Let me know if it works!

Kanika

Good. I didn’t create the file again, but chowned the mongodb directory as you said and it then accepted, as far as I can tell, my openssl command.
Cheers to you Kanika.

The important thing about sudo is that it does not apply to input and output redirection. The latter is what the “>” is for :)

The reach of your escalated privileges (by using sudo) is limited to openssl rand -base64 741. Beyond that, the output redirection runs using your own account. And because the file /var/mongodb/pki/m103-keyfile is not writable to the “vagrant” user by default, that’s why the command fails.

This is also why, after chown-ing the directory tree, you no longer need sudo at all. Anything under /var/mongodb is writable to user “vagrant”.
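
The following is an added example, not code from the thread or the course: two shell functions that create the keyfile as the current user, relying on the fact that the redirection is opened by the calling shell, and then verify the resulting mode, owner and content. The function names are hypothetical, and it assumes a Linux system with GNU stat and openssl.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical. Assumes GNU stat and openssl.

# gen_keyfile PATH: create the keyfile as the current user.
# "> PATH" is opened by this shell, not by the command to its left, so
# putting sudo in front of openssl would not change who opens PATH.
gen_keyfile() {
    local path="$1" dir
    dir=$(dirname -- "$path")
    if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
        echo "$dir is not writable by uid $(id -u); chown it first" >&2
        return 1
    fi
    # umask 077 in a subshell: a new file is created 0600 from the start,
    # so it is never group- or world-readable, even briefly.
    ( umask 077 && openssl rand -base64 741 > "$path" ) || return 1
    # An already existing file keeps its old mode on truncation; force 600.
    chmod 600 -- "$path"
}

# check_keyfile PATH: verify mode, owner and content of the result.
check_keyfile() {
    local path="$1" mode owner
    [ -f "$path" ] || { echo "$path: not a regular file" >&2; return 1; }
    [ -s "$path" ] || { echo "$path: empty" >&2; return 1; }
    mode=$(stat -c '%a' -- "$path")
    owner=$(stat -c '%u' -- "$path")
    [ "$mode" = 600 ] || { echo "$path: mode $mode, expected 600" >&2; return 1; }
    [ "$owner" = "$(id -u)" ] || { echo "$path: owned by uid $owner" >&2; return 1; }
    # openssl rand -base64 emits only base64 characters and newlines.
    if LC_ALL=C grep -q '[^A-Za-z0-9+/=]' "$path"; then
        echo "$path: contains non-base64 characters" >&2
        return 1
    fi
}

# Usage, with the path from the thread:
#   gen_keyfile /var/mongodb/pki/m103-keyfile && check_keyfile /var/mongodb/pki/m103-keyfile
```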