ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-12104) ambari-server setup-security changes truststore permissions to 600
Date Tue, 23 Jun 2015 23:10:43 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-12104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14598549#comment-14598549
] 

Hudson commented on AMBARI-12104:
---------------------------------

SUCCESS: Integrated in Ambari-branch-2.1 #98 (See [https://builds.apache.org/job/Ambari-branch-2.1/98/])
AMBARI-12104 - ambari-server setup-security changes truststore permissions to 600 (tbeerbower)
(tbeerbower: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=dbd97e82c35aca912e5cd620acc45fcbeea2429b)
* ambari-server/src/main/python/ambari_server/serverConfiguration.py
* ambari-server/src/main/python/ambari-server.py


> ambari-server setup-security changes truststore permissions to 600
> ------------------------------------------------------------------
>
>                 Key: AMBARI-12104
>                 URL: https://issues.apache.org/jira/browse/AMBARI-12104
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Tom Beerbower
>            Assignee: Tom Beerbower
>             Fix For: 2.1.0
>
>
> The permissions change happens when {{ambari-server setup-security}} option {{[1] Enable
HTTPS for Ambari server.}} is run.  600 is too restrictive.
> Make it 640 instead.
> {code}
> ServerConfiguration.py
> self.TRUST_STORE_LOCATION_PERMISSIONS = "600"
> ...
> setupSecurity.py
> def adjust_directory_permissions(ambari_user):
>   ...
>   trust_store_location = properties[SSL_TRUSTSTORE_PATH_PROPERTY]
>   if trust_store_location:
>     configDefaults.NR_ADJUST_OWNERSHIP_LIST.append((trust_store_location, configDefaults.TRUST_STORE_LOCATION_PERMISSIONS,
"{0}", False))
> {code}
> [~mahadev], I'm not sure what the strategy should be here.  Obviously the permissions
are being adjusted for a reason.  The test creates the truststore with 440 and then Ambari
adjusts it to 600.  What should the behavior be?  We could make it 640 to make the test pass
but would that be too permissive in some case?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message