You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Sandor Molnar (JIRA)" <ji...@apache.org> on 2018/02/26 12:32:00 UTC
[jira] [Resolved] (AMBARI-23081) Missing permission for 'others'
when Ambari is configured with two way SSL and https enabled
[ https://issues.apache.org/jira/browse/AMBARI-23081?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandor Molnar resolved AMBARI-23081.
------------------------------------
Resolution: Won't Do
New issue is created (AMBARI-23083) to preserve original reporter
> Missing permission for 'others' when Ambari is configured with two way SSL and https enabled
> ---------------------------------------------------------------------------------------------
>
> Key: AMBARI-23081
> URL: https://issues.apache.org/jira/browse/AMBARI-23081
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.6.2
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Fix For: 2.6.2
>
>
> Initially observed this problem during testing of HOTFIX-1365 , later was able to reproduce with Ambari-2.6.2 as well
> *STR*
> # Deploy Ambari-2.6.2.0 server on machine A
> # Manually install and register agents on other machines (including machine A)
> # Enable 2 way SSL between server and agents
> # Enable https at Ambari server
> # Deploy a cluster via blueprints with HDP-2.6.5.0
> After cluster is deployed, observed that the permission of files such as hadoop-env.sh is '-rw-r-----'
> Complete output:
> {code:java}
> [root@ctr-e138-1518143905142-36503-01-000002 logs]# ls -lhrt /etc/hadoop/conf/
> total 176K
> -rw-r--r-- 1 cstm-hdfs hadoop 8.9K Feb 22 09:30 core-site.xml
> -rw-r----- 1 cstm-hdfs hadoop 333 Feb 22 09:35 hdfs_dn_jaas.conf
> -rw-r----- 1 cstm-hdfs hadoop 333 Feb 22 09:35 hdfs_nn_jaas.conf
> -rw-r----- 1 cstm-hdfs hadoop 1.3K Feb 22 09:35 hadoop-policy.xml
> -rw-r----- 1 cstm-hdfs hadoop 884 Feb 22 09:35 ssl-client.xml
> drwxr-xr-x 2 root hadoop 4.0K Feb 22 09:35 secure
> -rw-r----- 1 cstm-hdfs hadoop 1000 Feb 22 09:35 ssl-server.xml
> -rw-r--r-- 1 cstm-hdfs hadoop 8.7K Feb 22 09:35 hdfs-site.xml
> -rw-r--r-- 1 cstm-mr hadoop 7.5K Feb 22 09:37 mapred-site.xml
> -rw-r--r-- 1 cstm-hdfs hadoop 2.3K Feb 22 09:37 capacity-scheduler.xml
> -rw-r--r-- 1 root hadoop 1.1K Feb 22 09:37 container-executor.cfg
> -rwxr-xr-x 1 root root 984 Feb 22 09:37 mapred-env.sh
> -rw-r--r-- 1 root hadoop 947 Feb 22 09:37 taskcontroller.cfg
> -rw-r----- 1 cstm-yarn hadoop 571 Feb 22 09:37 yarn_jaas.conf
> -rw-r----- 1 cstm-yarn hadoop 337 Feb 22 09:37 yarn_ats_jaas.conf
> -rw-r----- 1 cstm-yarn hadoop 333 Feb 22 09:37 yarn_nm_jaas.conf
> -rw-r----- 1 cstm-mr hadoop 320 Feb 22 09:37 mapred_jaas.conf
> -rw-r----- 1 root root 1020 Feb 22 09:48 commons-logging.properties
> -rw-r----- 1 root root 1.6K Feb 22 09:48 health_check
> -rw-r--r-- 1 cstm-hdfs hadoop 11K Feb 22 09:48 log4j.properties
> -rwxr-xr-x 1 root root 4.2K Feb 22 09:48 task-log4j.properties
> -rwxr-xr-x 1 root root 2.4K Feb 22 09:48 topology_script.py
> -rw-r----- 1 root root 241 Feb 22 10:10 slaves
> -rw-r----- 1 root hadoop 6.3K Feb 22 10:10 hadoop-env.sh
> -rw-r--r-- 1 cstm-yarn hadoop 24K Feb 22 10:10 yarn-site.xml
> -rwxr-xr-x 1 cstm-yarn hadoop 5.5K Feb 22 10:10 yarn-env.sh
> -rw-r----- 1 cstm-hdfs hadoop 2.6K Feb 22 10:12 hadoop-metrics2.properties
> -rw-r--r-- 1 cstm-hdfs hadoop 467 Feb 22 10:12 topology_mappings.data
> -rw-r----- 1 cstm-hdfs hadoop 1 Feb 22 10:13 dfs.exclude
> {code}
> When compared this with a non-SSL cluster the permission is '-rw-r--r--' i.e. read permission is available for other users.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)