You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@accumulo.apache.org by "Christopher Tubbs (JIRA)" <ji...@apache.org> on 2014/11/20 21:36:33 UTC

[jira] [Commented] (ACCUMULO-3344) memDump file should be 600, not 644 permissions

    [ https://issues.apache.org/jira/browse/ACCUMULO-3344?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14219947#comment-14219947 ] 

Christopher Tubbs commented on ACCUMULO-3344:
---------------------------------------------

Would a reasonable workaround be to ensure to run the tserver as a user with a proper umask set?

> memDump file should be 600, not 644 permissions
> -----------------------------------------------
>
>                 Key: ACCUMULO-3344
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3344
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.0, 1.6.0
>            Reporter: John Vines
>
> the memDump file is created whenever we minor compact mid-scan. It gets created on the local filesystem in /tmp with name memDump+randomUuid.rf. Then the file gets switched for all the iterators and it gets marked for deletion, which cleans it up after all file readers are done with it. That leaves a window where the file is openly readable by all users on the filesystem. While systems like file encryption can still be used, we should still provide more depth of defense by making the files be permissioned only for the accumulo user and no others.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)