You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Eugene Chekanskiy (JIRA)" <ji...@apache.org> on 2017/09/19 13:08:00 UTC
[jira] [Updated] (AMBARI-21970) Enable sticky bit for
curl_krb_cache
[ https://issues.apache.org/jira/browse/AMBARI-21970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eugene Chekanskiy updated AMBARI-21970:
---------------------------------------
Attachment: AMBARI-21970.patch
> Enable sticky bit for curl_krb_cache
> ------------------------------------
>
> Key: AMBARI-21970
> URL: https://issues.apache.org/jira/browse/AMBARI-21970
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.5.0
> Reporter: Krishnama Raju K
> Assignee: Eugene Chekanskiy
> Priority: Minor
> Attachments: AMBARI-21970.patch
>
>
> In secure environment, we see that "/var/lib/ambari-agent/tmp" has sticky bit enabled. Trying to enable such permissions ( sticky bit or any other permissions ) for "curl_krb_request.py" is being over written after few seconds.
> It is observed that the chmod permissions set in "curl_krb_request.py" enforces periodic 0777 as shown in below snippet.
> {code:java}
> curl_krb_cache_path = os.path.join(tmp_dir, "curl_krb_cache")
> if not os.path.exists(curl_krb_cache_path):
> os.makedirs(curl_krb_cache_path)
> os.chmod(curl_krb_cache_path, 0777)
> {code}
> Ref: https://github.com/apache/ambari/blob/trunk/ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py
> Hence, code changes need to be done for setting the sticky bit to prevent access from users who did not create the specific file.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)