accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-3344) memDump file should be 600, not 644 permissions
Date Thu, 20 Nov 2014 20:36:33 GMT


Christopher Tubbs commented on ACCUMULO-3344:

Would a reasonable workaround be to ensure to run the tserver as a user with a proper umask

> memDump file should be 600, not 644 permissions
> -----------------------------------------------
>                 Key: ACCUMULO-3344
>                 URL:
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.0, 1.6.0
>            Reporter: John Vines
> the memDump file is created whenever we minor compact mid-scan. It gets created on the
local filesystem in /tmp with name memDump+randomUuid.rf. Then the file gets switched for
all the iterators and it gets marked for deletion, which cleans it up after all file readers
are done with it. That leaves a window where the file is openly readable by all users on the
filesystem. While systems like file encryption can still be used, we should still provide
more depth of defense by making the files be permissioned only for the accumulo user and no

This message was sent by Atlassian JIRA

View raw message