ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tom Beerbower (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-12104) ambari-server setup-security changes truststore permissions to 600
Date Tue, 23 Jun 2015 20:28:43 GMT
Tom Beerbower created AMBARI-12104:
--------------------------------------

             Summary: ambari-server setup-security changes truststore permissions to 600
                 Key: AMBARI-12104
                 URL: https://issues.apache.org/jira/browse/AMBARI-12104
             Project: Ambari
          Issue Type: Bug
            Reporter: Tom Beerbower
            Assignee: Tom Beerbower
             Fix For: 2.1.0


The permissions change happens when {{ambari-server setup-security}} option {{[1] Enable HTTPS
for Ambari server.}} is run.  600 is too restrictive.
Make it 640 instead.

{code}
ServerConfiguration.py
self.TRUST_STORE_LOCATION_PERMISSIONS = "600"
...

setupSecurity.py
def adjust_directory_permissions(ambari_user):
  ...
  trust_store_location = properties[SSL_TRUSTSTORE_PATH_PROPERTY]
  if trust_store_location:
    configDefaults.NR_ADJUST_OWNERSHIP_LIST.append((trust_store_location, configDefaults.TRUST_STORE_LOCATION_PERMISSIONS,
"{0}", False))

{code}

[~mahadev], I'm not sure what the strategy should be here.  Obviously the permissions are
being adjusted for a reason.  The test creates the truststore with 440 and then Ambari adjusts
it to 600.  What should the behavior be?  We could make it 640 to make the test pass but would
that be too permissive in some case?




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message