[
https://issues.apache.org/jira/browse/HDFS-3096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13232402#comment-13232402
]
Bikas Saha commented on HDFS-3096:
----------------------------------
In branch 0.23 the datanode, at startup, overrides actual data dir permissions
with expected permissions from the conf, in case they differ. In 1.0 the
datanode checks for these values to be the same and refuses to start if they
are different. A fix needs to be made for this behavior too.
This code path in 0.23 has been refactored and so the change may not be a
simple backport. Perhaps we could change the code in 1.0 to also override
actual permissions with those from the config.
> dfs.datanode.data.dir.perm is set to 755 instead of 700
> -------------------------------------------------------
>
> Key: HDFS-3096
> URL: https://issues.apache.org/jira/browse/HDFS-3096
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: data-node
> Affects Versions: 0.23.0, 1.0.0
> Reporter: Bikas Saha
> Assignee: Bikas Saha
>
> dfs.datanode.data.dir.perm is used by the datanode to set the permissions of
> it data directories. This is set by default to 755 which gives read
> permissions to everyone to that directory, opening up possibility of reading
> the data blocks by anyone in a secure cluster. Admins can over-ride this
> config but its sub-optimal practice for the default to be weak. IMO, the
> default should be strong and the admins can relax it if necessary.
> The fix is to change default permissions to 700.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
