You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Hari Sekhon (JIRA)" <ji...@apache.org> on 2017/08/07 10:56:00 UTC

[jira] [Created] (AMBARI-21666) /etc/hadoop/*/ssl-client.xml set chmod 600 instead of 640 results in permission denied in Yarn RM log

Hari Sekhon created AMBARI-21666:
------------------------------------

             Summary: /etc/hadoop/*/ssl-client.xml set chmod 600 instead of 640 results in permission denied in Yarn RM log
                 Key: AMBARI-21666
                 URL: https://issues.apache.org/jira/browse/AMBARI-21666
             Project: Ambari
          Issue Type: Bug
          Components: ambari-agent, ambari-server
    Affects Versions: 2.5.0
         Environment: HDP 2.6.0.3 on SLES 12.1
            Reporter: Hari Sekhon


Ambari seems to have deployed /etc/hadoop/2.6.0.3/0/ssl-client.xml and ssl-server.xml with permissions 600 hdfs:hadoop resulting in Yarn RM getting permission denied in it's logs.

This should be set to 640 to allow the yarn process to use the hadoop group to read the files, or because it contains jks passwords use a new group containing only yarn (since yarn is only in the hadoop group), or set an extended ACL to permit just the yarn user read permissions.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)