You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Tom Beerbower (JIRA)" <ji...@apache.org> on 2015/06/23 22:28:43 UTC

[jira] [Created] (AMBARI-12104) ambari-server setup-security changes truststore permissions to 600

Tom Beerbower created AMBARI-12104:
--------------------------------------

             Summary: ambari-server setup-security changes truststore permissions to 600
                 Key: AMBARI-12104
                 URL: https://issues.apache.org/jira/browse/AMBARI-12104
             Project: Ambari
          Issue Type: Bug
            Reporter: Tom Beerbower
            Assignee: Tom Beerbower
             Fix For: 2.1.0


The permissions change happens when {{ambari-server setup-security}} option {{[1] Enable HTTPS for Ambari server.}} is run.  600 is too restrictive.
Make it 640 instead.

{code}
ServerConfiguration.py
self.TRUST_STORE_LOCATION_PERMISSIONS = "600"
...

setupSecurity.py
def adjust_directory_permissions(ambari_user):
  ...
  trust_store_location = properties[SSL_TRUSTSTORE_PATH_PROPERTY]
  if trust_store_location:
    configDefaults.NR_ADJUST_OWNERSHIP_LIST.append((trust_store_location, configDefaults.TRUST_STORE_LOCATION_PERMISSIONS, "{0}", False))

{code}

[~mahadev], I'm not sure what the strategy should be here.  Obviously the permissions are being adjusted for a reason.  The test creates the truststore with 440 and then Ambari adjusts it to 600.  What should the behavior be?  We could make it 640 to make the test pass but would that be too permissive in some case?




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)