accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Vines (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3344) memDump file should be 600, not 644 permissions
Date Thu, 20 Nov 2014 20:51:34 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3344?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14219975#comment-14219975
] 

John Vines commented on ACCUMULO-3344:
--------------------------------------

Whatever gets the file generated with proper permissions.

> memDump file should be 600, not 644 permissions
> -----------------------------------------------
>
>                 Key: ACCUMULO-3344
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3344
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.0, 1.6.0
>            Reporter: John Vines
>
> the memDump file is created whenever we minor compact mid-scan. It gets created on the
local filesystem in /tmp with name memDump+randomUuid.rf. Then the file gets switched for
all the iterators and it gets marked for deletion, which cleans it up after all file readers
are done with it. That leaves a window where the file is openly readable by all users on the
filesystem. While systems like file encryption can still be used, we should still provide
more depth of defense by making the files be permissioned only for the accumulo user and no
others.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message