brooklyn-dev mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (BROOKLYN-46) Files created by persistence mechanism should not be readable by other users
Date Fri, 08 Aug 2014 16:57:11 GMT

    [ https://issues.apache.org/jira/browse/BROOKLYN-46?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14090959#comment-14090959 ]

ASF GitHub Bot commented on BROOKLYN-46:
----------------------------------------

GitHub user aledsage opened a pull request:

    https://github.com/apache/incubator-brooklyn/pull/114

    BROOKLYN-46: persist files with 600 permission

    Note this seriously affects performance of persisting files (i.e. persisting entity state). It drops from about 5000 to 3000 writes per second on my machine, with just measuring the `FileBasedObjectStore` performance (i.e. ignoring the memento generation etc).
    
    It won't affect performance of object store persistence at all.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/aledsage/incubator-brooklyn fix/persist-files-600-permission

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-brooklyn/pull/114.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #114
    
----
commit dee6c88333b6d6ebf9789bfec19791a4e2c7eaea
Author: Aled Sage <aled.sage@gmail.com>
Date:   2014-08-08T14:45:20Z

    BROOKLYN-46: persist files with 600 permission

----


> Files created by persistence mechanism should not be readable by other users
> ----------------------------------------------------------------------------
>
>                 Key: BROOKLYN-46
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-46
>             Project: Brooklyn
>          Issue Type: Bug
>            Reporter: Sam Corbett
>            Assignee: Aled Sage
>
> Originally reported at: https://github.com/brooklyncentral/brooklyn/issues/1240
> Files containing persisted state have permissions 644. Files containing persisted locations contain private key data. Other users should not be able to read this data. We should follow ssh's practice and restrict access to the user that owns the private key.
> {code}
> $ su otheruser
> $ ls -l /Users/sam/.brooklyn/brooklyn-persisted-state/data/locations
> total 112
> -rw-r--r--  1 sam  staff  2319 10 Mar 10:38 BhIXCfBt
> -rw-r--r--  1 sam  staff  2317 10 Mar 10:38 FktCwLnX
> ...
> $ cat /Users/sam/.brooklyn/brooklyn-persisted-state/data/locations/BhIXCfBt 
> <location>
>   <brooklynVersion>0.7.0-SNAPSHOT</brooklynVersion>
>   <type>brooklyn.location.basic.SshMachineLocation</type>
>   <id>BhIXCfBt</id>
>   <displayName>SshMachineLocation:BhIX</displayName>
>   <children/>
>   <locationConfig>
>     <longitude type="double">-77.48750305175781</longitude>
>     <port type="int">22</port>
>     <latitude type="double">39.043701171875</latitude>
>     <user>sam</user>
>     <privateKeyData>-----BEGIN RSA PRIVATE KEY-----
>     ... :-(
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)
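
An added example, not code from the pull request or from Brooklyn: one way to create persisted files with mode 600 from the moment they exist, using `java.nio.file` on a POSIX filesystem, together with a check for files that group or other can still access. The class name, method names and sample file names are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class OwnerOnlyStore {
    static final Set<PosixFilePermission> OWNER_RW = PosixFilePermissions.fromString("rw-------");

    // Write data so the target never exists with permissions wider than 600.
    static void writeOwnerOnly(Path target, byte[] data) throws IOException {
        Path dir = target.toAbsolutePath().getParent();
        // The mode is applied when the temp file is created, so there is no
        // window in which the content sits on disk under a default 644.
        Path tmp = Files.createTempFile(dir, "persist", ".tmp",
                PosixFilePermissions.asFileAttribute(OWNER_RW));
        try {
            Files.write(tmp, data);
            // Same-directory rename: readers see the old file or the new one, never a partial write.
            Files.move(tmp, target, StandardCopyOption.ATOMIC_MOVE);
        } finally {
            Files.deleteIfExists(tmp); // no-op after a successful move
        }
    }

    // True if group or other holds any permission bit on the file.
    static boolean isExposed(Path file) throws IOException {
        for (PosixFilePermission p : Files.getPosixFilePermissions(file)) {
            if (p != PosixFilePermission.OWNER_READ && p != PosixFilePermission.OWNER_WRITE
                    && p != PosixFilePermission.OWNER_EXECUTE) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws IOException {
        byte[] sample = "constructed sample state".getBytes(StandardCharsets.UTF_8);
        Path dir = Files.createTempDirectory("persisted-state"); // constructed sample location
        Path legacy = dir.resolve("legacy");                      // file left at 644, as in the report
        Files.write(legacy, sample);
        Files.setPosixFilePermissions(legacy, PosixFilePermissions.fromString("rw-r--r--"));
        Path fixed = dir.resolve("fixed");
        writeOwnerOnly(fixed, sample);
        System.out.println("legacy exposed: " + isExposed(legacy));
        System.out.println("fixed exposed:  " + isExposed(fixed));
    }
}
```

Files written before such a change keep their old mode until they are rewritten or have their permissions reset, so a one-off pass with a check like `isExposed` over the existing state directory is still needed.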
