[ https://issues.apache.org/jira/browse/CASSANDRA-17470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brandon Williams updated CASSANDRA-17470: ----------------------------------------- Change Category: Operability Complexity: Normal Component/s: Packaging Fix Version/s: 4.x Status: Open (was: Triage Needed) > Default directory permissions for /var/lib/cassandra could be more restrictive > ------------------------------------------------------------------------------ > > Key: CASSANDRA-17470 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17470 > Project: Cassandra > Issue Type: Improvement > Components: Packaging > Reporter: Sebastian Schulze > Priority: Normal > Fix For: 4.x > > > I noticed that the default permissions for /var/lib/cassandra and everything > below seem to be "world readable", e.g. "{{{}drwxr-xr-x 6 cassandra > cassandra{}}}". > It might depend on the distribution / package used, but I can at least > confirm this for the official Cassandra Debian packages as well as the Docker > containers. Out of curiosity I compared it to Postgres and MySQL to see which > defaults they would opt for and they are > {{drwxr-x--- 2 mysql mysql 4.0K Mar 22 10:00 mysql}} > and respectively > {{drwx------ 19 postgres postgres 4.0K Mar 22 10:01 data}} > which is way more appropriate in my option. ([Here is a Gist with the script > to compare > them|https://gist.github.com/bascht/31fa749d4121b9898902d5d557a01f82]) > If there is no particular reason behind this, I would suggest that the > default packages should have stricter ulimits that restricts access to the > data directory to the cassandra user & group. > (See also this [mailing list > thread|https://lists.apache.org/thread/gyoqb4xnq4ry0c726f0ntz83rvn0w5kx]) -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org