You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Tom Beerbower (JIRA)" <ji...@apache.org> on 2015/06/23 22:28:43 UTC
[jira] [Created] (AMBARI-12104) ambari-server setup-security
changes truststore permissions to 600
Tom Beerbower created AMBARI-12104:
--------------------------------------
Summary: ambari-server setup-security changes truststore permissions to 600
Key: AMBARI-12104
URL: https://issues.apache.org/jira/browse/AMBARI-12104
Project: Ambari
Issue Type: Bug
Reporter: Tom Beerbower
Assignee: Tom Beerbower
Fix For: 2.1.0
The permissions change happens when {{ambari-server setup-security}} option {{[1] Enable HTTPS for Ambari server.}} is run. 600 is too restrictive.
Make it 640 instead.
{code}
ServerConfiguration.py
self.TRUST_STORE_LOCATION_PERMISSIONS = "600"
...
setupSecurity.py
def adjust_directory_permissions(ambari_user):
...
trust_store_location = properties[SSL_TRUSTSTORE_PATH_PROPERTY]
if trust_store_location:
configDefaults.NR_ADJUST_OWNERSHIP_LIST.append((trust_store_location, configDefaults.TRUST_STORE_LOCATION_PERMISSIONS, "{0}", False))
{code}
[~mahadev], I'm not sure what the strategy should be here. Obviously the permissions are being adjusted for a reason. The test creates the truststore with 440 and then Ambari adjusts it to 600. What should the behavior be? We could make it 640 to make the test pass but would that be too permissive in some case?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)