[
https://issues.apache.org/jira/browse/CASSANDRA-17470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brandon Williams updated CASSANDRA-17470:
-----------------------------------------
Change Category: Operability
Complexity: Normal
Component/s: Packaging
Fix Version/s: 4.x
Status: Open (was: Triage Needed)
> Default directory permissions for /var/lib/cassandra could be more restrictive
> ------------------------------------------------------------------------------
>
> Key: CASSANDRA-17470
> URL: https://issues.apache.org/jira/browse/CASSANDRA-17470
> Project: Cassandra
> Issue Type: Improvement
> Components: Packaging
> Reporter: Sebastian Schulze
> Priority: Normal
> Fix For: 4.x
>
>
> I noticed that the default permissions for /var/lib/cassandra and everything
> below seem to be "world readable", e.g. "{{{}drwxr-xr-x 6 cassandra
> cassandra{}}}".
> It might depend on the distribution / package used, but I can at least
> confirm this for the official Cassandra Debian packages as well as the Docker
> containers. Out of curiosity I compared it to Postgres and MySQL to see which
> defaults they would opt for and they are
> {{drwxr-x--- 2 mysql mysql 4.0K Mar 22 10:00 mysql}}
> and respectively
> {{drwx------ 19 postgres postgres 4.0K Mar 22 10:01 data}}
> which is way more appropriate in my option. ([Here is a Gist with the script
> to compare
> them|https://gist.github.com/bascht/31fa749d4121b9898902d5d557a01f82])
> If there is no particular reason behind this, I would suggest that the
> default packages should have stricter ulimits that restricts access to the
> data directory to the cassandra user & group.
> (See also this [mailing list
> thread|https://lists.apache.org/thread/gyoqb4xnq4ry0c726f0ntz83rvn0w5kx])
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
