[ https://issues.apache.org/jira/browse/AMBARI-21970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eugene Chekanskiy reassigned AMBARI-21970: ------------------------------------------ Assignee: Eugene Chekanskiy > Enable sticky bit for curl_krb_cache > ------------------------------------ > > Key: AMBARI-21970 > URL: https://issues.apache.org/jira/browse/AMBARI-21970 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.5.0 > Reporter: Krishnama Raju K > Assignee: Eugene Chekanskiy > Priority: Minor > Attachments: AMBARI-21970.patch > > > In secure environment, we see that "/var/lib/ambari-agent/tmp" has sticky bit > enabled. Trying to enable such permissions ( sticky bit or any other > permissions ) for "curl_krb_request.py" is being over written after few > seconds. > It is observed that the chmod permissions set in "curl_krb_request.py" > enforces periodic 0777 as shown in below snippet. > {code:java} > curl_krb_cache_path = os.path.join(tmp_dir, "curl_krb_cache") > if not os.path.exists(curl_krb_cache_path): > os.makedirs(curl_krb_cache_path) > os.chmod(curl_krb_cache_path, 0777) > {code} > Ref: > https://github.com/apache/ambari/blob/trunk/ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py > Hence, code changes need to be done for setting the sticky bit to prevent > access from users who did not create the specific file. -- This message was sent by Atlassian JIRA (v6.4.14#64029)