[ https://issues.apache.org/jira/browse/AMBARI-23083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16376908#comment-16376908 ]
Sandor Molnar commented on AMBARI-23083: ---------------------------------------- [~shavi71] I can not reproduce this issue with simply deploying a cluster with Zookeeper only. After following the steps I see the following rights on the file system: {code:java} [root@c6401 ~]# ls -lhrt /etc/zookeeper/conf/ total 24K -rw-r--r-- 1 zookeeper hadoop 922 Feb 23 20:32 zoo_sample.cfg -rw-r--r-- 1 root root 1.2K Feb 23 20:32 zookeeper-env.cmd -rw-r--r-- 1 zookeeper hadoop 1.1K Feb 26 13:52 zoo.cfg -rw-r--r-- 1 zookeeper hadoop 548 Feb 26 13:52 configuration.xsl -rw-r--r-- 1 zookeeper hadoop 2.5K Feb 26 13:52 log4j.properties -rwxr-xr-x 1 zookeeper hadoop 311 Feb 26 13:52 zookeeper-env.sh {code} I deployed Ambari 2.6.2.0-63. I believe the above issue should not be bound to HDFS only. Right? If you think this is HFDS related issue only please let me know. One more question: I use our REST API to deploy a cluster via blueprints. If you follow the same technic could you please send me the payload for blueprint/cluster creation? Thanks, Sandor > Missing permission for 'others' when Ambari is configured with two way SSL > and https enabled > -------------------------------------------------------------------------------------------- > > Key: AMBARI-23083 > URL: https://issues.apache.org/jira/browse/AMBARI-23083 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.6.2 > Reporter: Vivek Sharma > Assignee: Sandor Molnar > Priority: Critical > Labels: system_test > Fix For: 2.6.2 > > > # Deploy Ambari-2.6.2.0 server on machine A > # Manually install and register agents on other machines (including machine A) > # Enable 2 way SSL between server and agents > # Enable https at Ambari server > # Deploy a cluster via blueprints with HDP-2.6.5.0 > After cluster is deployed, observed that the permission of files such as > hadoop-env.sh is '-rw-r-----' > Complete output: > {code} > [root@ctr-e138-1518143905142-36503-01-000002 logs]# ls -lhrt /etc/hadoop/conf/ > total 176K > -rw-r--r-- 1 cstm-hdfs hadoop 8.9K Feb 22 09:30 core-site.xml > -rw-r----- 1 cstm-hdfs hadoop 333 Feb 22 09:35 hdfs_dn_jaas.conf > -rw-r----- 1 cstm-hdfs hadoop 333 Feb 22 09:35 hdfs_nn_jaas.conf > -rw-r----- 1 cstm-hdfs hadoop 1.3K Feb 22 09:35 hadoop-policy.xml > -rw-r----- 1 cstm-hdfs hadoop 884 Feb 22 09:35 ssl-client.xml > drwxr-xr-x 2 root hadoop 4.0K Feb 22 09:35 secure > -rw-r----- 1 cstm-hdfs hadoop 1000 Feb 22 09:35 ssl-server.xml > -rw-r--r-- 1 cstm-hdfs hadoop 8.7K Feb 22 09:35 hdfs-site.xml > -rw-r--r-- 1 cstm-mr hadoop 7.5K Feb 22 09:37 mapred-site.xml > -rw-r--r-- 1 cstm-hdfs hadoop 2.3K Feb 22 09:37 capacity-scheduler.xml > -rw-r--r-- 1 root hadoop 1.1K Feb 22 09:37 container-executor.cfg > -rwxr-xr-x 1 root root 984 Feb 22 09:37 mapred-env.sh > -rw-r--r-- 1 root hadoop 947 Feb 22 09:37 taskcontroller.cfg > -rw-r----- 1 cstm-yarn hadoop 571 Feb 22 09:37 yarn_jaas.conf > -rw-r----- 1 cstm-yarn hadoop 337 Feb 22 09:37 yarn_ats_jaas.conf > -rw-r----- 1 cstm-yarn hadoop 333 Feb 22 09:37 yarn_nm_jaas.conf > -rw-r----- 1 cstm-mr hadoop 320 Feb 22 09:37 mapred_jaas.conf > -rw-r----- 1 root root 1020 Feb 22 09:48 commons-logging.properties > -rw-r----- 1 root root 1.6K Feb 22 09:48 health_check > -rw-r--r-- 1 cstm-hdfs hadoop 11K Feb 22 09:48 log4j.properties > -rwxr-xr-x 1 root root 4.2K Feb 22 09:48 task-log4j.properties > -rwxr-xr-x 1 root root 2.4K Feb 22 09:48 topology_script.py > -rw-r----- 1 root root 241 Feb 22 10:10 slaves > -rw-r----- 1 root hadoop 6.3K Feb 22 10:10 hadoop-env.sh > -rw-r--r-- 1 cstm-yarn hadoop 24K Feb 22 10:10 yarn-site.xml > -rwxr-xr-x 1 cstm-yarn hadoop 5.5K Feb 22 10:10 yarn-env.sh > -rw-r----- 1 cstm-hdfs hadoop 2.6K Feb 22 10:12 hadoop-metrics2.properties > -rw-r--r-- 1 cstm-hdfs hadoop 467 Feb 22 10:12 topology_mappings.data > -rw-r----- 1 cstm-hdfs hadoop 1 Feb 22 10:13 dfs.exclude > {code} > > When compared this with a non-SSL cluster the permission is '-rw-r--r--' i.e. > read permission is available for other users -- This message was sent by Atlassian JIRA (v7.6.3#76005)