accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Vines (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ACCUMULO-3344) memDump file should be 600, not 644 permissions
Date Wed, 19 Nov 2014 17:29:34 GMT
John Vines created ACCUMULO-3344:
------------------------------------

             Summary: memDump file should be 600, not 644 permissions
                 Key: ACCUMULO-3344
                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3344
             Project: Accumulo
          Issue Type: Bug
    Affects Versions: 1.6.0, 1.5.0
            Reporter: John Vines


the memDump file is created whenever we minor compact mid-scan. It gets created on the local
filesystem in /tmp with name memDump+randomUuid.rf. Then the file gets switched for all the
iterators and it gets marked for deletion, which cleans it up after all file readers are done
with it. That leaves a window where the file is openly readable by all users on the filesystem.
While systems like file encryption can still be used, we should still provide more depth of
defense by making the files be permissioned only for the accumulo user and no others.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message