accumulo-notifications mailing list archives

From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-2806) Accumulo init should ensure wals and tables are not world readable
Date Wed, 14 May 2014 18:23:15 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-2806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13997850#comment-13997850 ]

Christopher Tubbs commented on ACCUMULO-2806:
---------------------------------------------

Clients do not need access to /accumulo/instance_id. They should not be using that. They should
be specifying their instance with the ZooKeeperInstance with an instanceName. Some client
commands (notably, the shell) will default to trying to read HDFS for the instance_id if no
ZK options are specified. I think that's fine to fail if they aren't running as the same user
as the accumulo services. We should just lock down the parent directory.

As an aside, do you know what the expected behavior is if the specified volume(s) already
exist/don't exist in HDFS when you execute init? This ticket seems to imply the pre-1.6
behavior with only a single HDFS path. How does the new multiple volumes configuration change
this ticket (if at all)?

> Accumulo init should ensure wals and tables are not world readable
> ------------------------------------------------------------------
>
>                 Key: ACCUMULO-2806
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2806
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.6.0
>            Reporter: Sean Busbey
>            Priority: Critical
>             Fix For: 1.6.1, 1.7.0
>
>
> Just did an init on a new 1.6.1-SNAP cluster, and noticed the following permissions:
> {noformat}
> dfs -ls /
> Found 4 items
> drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:48 /accumulo
> drwxr-xr-x   - hdfs     supergroup          0 2014-05-14 08:10 /jobtracker
> drwxrwxrwx   - hdfs     supergroup          0 2014-05-14 08:10 /tmp
> drwxr-xr-x   - hdfs     supergroup          0 2014-05-14 09:48 /user
> -bash-4.1$ hdfs dfs -ls /accumulo
> Found 3 items
> drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/instance_id
> drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/tables
> drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/version
> {noformat}
> I previously set up /accumulo as 755, under the understanding that clients need access to /accumulo/instance_id
> things to fix
> # make init chmod tables and wals to 700, as a defensive measure to avoid data leaks
> # maybe also make sure if the trash is enabled that our user directory is also not world readable
> # If clients don't need access to instance_id, include a check that the data dir is not world readable
> Workaround: manually change permissions after init



--
This message was sent by Atlassian JIRA
(v6.2#6252)
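
An added example, not part of the ticket or of Accumulo's own code: a shell function that reads `hdfs dfs -ls` output and lists the entries whose "other" permission bits are set, which is the condition the ticket asks init to check for. The function names and the `/accumulo/wal` sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Flag HDFS entries that are readable, writable or listable by "other".
# Reads `hdfs dfs -ls` output on stdin, prints one offending path per line.
# (Hypothetical helper name; not an Accumulo or Hadoop tool.)
world_accessible_paths() {
    awk '
        # Entry lines start with a mode string such as drwxr-xr-x.
        # "Found N items" and shell prompt lines do not match and are skipped.
        length($1) >= 10 && $1 ~ /^[-dl][-rwxsStT]+[+]?$/ {
            other = substr($1, 8, 3)        # last triplet = permissions for "other"
            if (other != "---") {
                # The path starts at field 8; rejoin it in case it contains spaces.
                path = $8
                for (i = 9; i <= NF; i++) path = path " " $i
                print path
            }
        }
    '
}

# Sample input: the first three entries are the listing quoted in the ticket,
# the /accumulo/wal line is constructed to show an entry already at 700.
sample_listing() {
    cat <<'EOF'
Found 4 items
drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/instance_id
drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/tables
drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/version
drwx------   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/wal
EOF
}

# Offline demonstration on the sample listing.
sample_listing | world_accessible_paths

# Against a live cluster, run as the accumulo user:
#   hdfs dfs -ls -R /accumulo | world_accessible_paths
```

Any path it prints is a candidate for the manual workaround the ticket describes (changing permissions after init).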
