You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kudu.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2017/01/31 22:38:51 UTC
[jira] [Commented] (KUDU-1855) Kudu file UNIX permissions are
inconsistent
[ https://issues.apache.org/jira/browse/KUDU-1855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15847665#comment-15847665 ]
Todd Lipcon commented on KUDU-1855:
-----------------------------------
Seems like we should probably be making our data 0600 even if the user's umask is a bit too open... Surprising to see the data files a+r (even if probably the root of the data dir is a-x and thus safe?)
> Kudu file UNIX permissions are inconsistent
> -------------------------------------------
>
> Key: KUDU-1855
> URL: https://issues.apache.org/jira/browse/KUDU-1855
> Project: Kudu
> Issue Type: Bug
> Components: security
> Affects Versions: 1.3.0
> Reporter: Adar Dembo
>
> Right now the access modes of Kudu files on disk are quite inconsistent. For example:
> {noformat}
> 694296 0 drwxr-xr-x 4 kudu kudu 27 Jun 21 2016 /data/1/kudu/tablet
> 2150110267 0 drwxr-xr-x 5 kudu kudu 71 Jan 17 17:42 /data/1/kudu/tablet/data
> 2150124127 4 -rw------- 1 kudu kudu 665 Jun 21 2016 /data/1/kudu/tablet/data/instance
> 702851 16 drwxr-xr-x 2 kudu kudu 12288 Jan 31 14:02 /data/1/kudu/tablet/data/tablet-meta
> 702894 12 -rw------- 1 kudu kudu 9501 Jan 22 13:38 /data/1/kudu/tablet/data/tablet-meta/33cc61001d1442048a588f930d973464
> ...
> 2153868729 8 -rw------- 1 kudu kudu 8109 Jan 12 22:26 /data/1/kudu/tablet/data/consensus-meta/83a2f75a88bd48f5a8ec28f8328af481
> 702854 152 drwxr-xr-x 2 kudu kudu 110592 Jan 23 16:59 /data/1/kudu/tablet/data/data
> 1545641 0 -rw-r--r-- 1 kudu kudu 10743091200 Jan 9 13:06 /data/1/kudu/tablet/data/data/bdf6d87c2ba34d598327b0b9e159a5ea.data
> 705690 4 -rw------- 1 kudu kudu 990 Jun 21 2016 /data/1/kudu/tablet/data/data/block_manager_instance
> 278147 652 -rw-r--r-- 1 kudu kudu 660084 Aug 15 00:09 /data/1/kudu/tablet/data/data/3917e1185471419786f59ad72bb7ba63.metadata
> 290587 0 -rw-r--r-- 1 kudu kudu 10746855424 Jan 9 13:05 /data/1/kudu/tablet/data/data/3917e1185471419786f59ad72bb7ba63.data
> 291129 672 -rw-r--r-- 1 kudu kudu 681669 Aug 15 00:09 /data/1/kudu/tablet/data/data/756bd793f0c24188853e096f835ba7b4.metadata
> {noformat}
> I suspect it's due to the difference of "files opened as temp files and renamed into place" and "files opened directly". The former have permissions that are even more restrictive than the umask (022), while the latter adhere to the umask.
> I don't know whether more restrictive or less restrictive modes should be used, but I don't see any reason why all files in Kudu's filesystem layout shouldn't have the same permissions.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)