[
https://issues.apache.org/jira/browse/AMBARI-23083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16376908#comment-16376908
]
Sandor Molnar commented on AMBARI-23083:
----------------------------------------
[~shavi71]
I can not reproduce this issue with simply deploying a cluster with Zookeeper
only. After following the steps I see the following rights on the file system:
{code:java}
[root@c6401 ~]# ls -lhrt /etc/zookeeper/conf/
total 24K
-rw-r--r-- 1 zookeeper hadoop 922 Feb 23 20:32 zoo_sample.cfg
-rw-r--r-- 1 root root 1.2K Feb 23 20:32 zookeeper-env.cmd
-rw-r--r-- 1 zookeeper hadoop 1.1K Feb 26 13:52 zoo.cfg
-rw-r--r-- 1 zookeeper hadoop 548 Feb 26 13:52 configuration.xsl
-rw-r--r-- 1 zookeeper hadoop 2.5K Feb 26 13:52 log4j.properties
-rwxr-xr-x 1 zookeeper hadoop 311 Feb 26 13:52 zookeeper-env.sh
{code}
I deployed Ambari 2.6.2.0-63. I believe the above issue should not be bound to
HDFS only. Right? If you think this is HFDS related issue only please let me
know.
One more question: I use our REST API to deploy a cluster via blueprints. If
you follow the same technic could you please send me the payload for
blueprint/cluster creation?
Thanks,
Sandor
> Missing permission for 'others' when Ambari is configured with two way SSL
> and https enabled
> --------------------------------------------------------------------------------------------
>
> Key: AMBARI-23083
> URL: https://issues.apache.org/jira/browse/AMBARI-23083
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.6.2
> Reporter: Vivek Sharma
> Assignee: Sandor Molnar
> Priority: Critical
> Labels: system_test
> Fix For: 2.6.2
>
>
> # Deploy Ambari-2.6.2.0 server on machine A
> # Manually install and register agents on other machines (including machine A)
> # Enable 2 way SSL between server and agents
> # Enable https at Ambari server
> # Deploy a cluster via blueprints with HDP-2.6.5.0
> After cluster is deployed, observed that the permission of files such as
> hadoop-env.sh is '-rw-r-----'
> Complete output:
> {code}
> [root@ctr-e138-1518143905142-36503-01-000002 logs]# ls -lhrt /etc/hadoop/conf/
> total 176K
> -rw-r--r-- 1 cstm-hdfs hadoop 8.9K Feb 22 09:30 core-site.xml
> -rw-r----- 1 cstm-hdfs hadoop 333 Feb 22 09:35 hdfs_dn_jaas.conf
> -rw-r----- 1 cstm-hdfs hadoop 333 Feb 22 09:35 hdfs_nn_jaas.conf
> -rw-r----- 1 cstm-hdfs hadoop 1.3K Feb 22 09:35 hadoop-policy.xml
> -rw-r----- 1 cstm-hdfs hadoop 884 Feb 22 09:35 ssl-client.xml
> drwxr-xr-x 2 root hadoop 4.0K Feb 22 09:35 secure
> -rw-r----- 1 cstm-hdfs hadoop 1000 Feb 22 09:35 ssl-server.xml
> -rw-r--r-- 1 cstm-hdfs hadoop 8.7K Feb 22 09:35 hdfs-site.xml
> -rw-r--r-- 1 cstm-mr hadoop 7.5K Feb 22 09:37 mapred-site.xml
> -rw-r--r-- 1 cstm-hdfs hadoop 2.3K Feb 22 09:37 capacity-scheduler.xml
> -rw-r--r-- 1 root hadoop 1.1K Feb 22 09:37 container-executor.cfg
> -rwxr-xr-x 1 root root 984 Feb 22 09:37 mapred-env.sh
> -rw-r--r-- 1 root hadoop 947 Feb 22 09:37 taskcontroller.cfg
> -rw-r----- 1 cstm-yarn hadoop 571 Feb 22 09:37 yarn_jaas.conf
> -rw-r----- 1 cstm-yarn hadoop 337 Feb 22 09:37 yarn_ats_jaas.conf
> -rw-r----- 1 cstm-yarn hadoop 333 Feb 22 09:37 yarn_nm_jaas.conf
> -rw-r----- 1 cstm-mr hadoop 320 Feb 22 09:37 mapred_jaas.conf
> -rw-r----- 1 root root 1020 Feb 22 09:48 commons-logging.properties
> -rw-r----- 1 root root 1.6K Feb 22 09:48 health_check
> -rw-r--r-- 1 cstm-hdfs hadoop 11K Feb 22 09:48 log4j.properties
> -rwxr-xr-x 1 root root 4.2K Feb 22 09:48 task-log4j.properties
> -rwxr-xr-x 1 root root 2.4K Feb 22 09:48 topology_script.py
> -rw-r----- 1 root root 241 Feb 22 10:10 slaves
> -rw-r----- 1 root hadoop 6.3K Feb 22 10:10 hadoop-env.sh
> -rw-r--r-- 1 cstm-yarn hadoop 24K Feb 22 10:10 yarn-site.xml
> -rwxr-xr-x 1 cstm-yarn hadoop 5.5K Feb 22 10:10 yarn-env.sh
> -rw-r----- 1 cstm-hdfs hadoop 2.6K Feb 22 10:12 hadoop-metrics2.properties
> -rw-r--r-- 1 cstm-hdfs hadoop 467 Feb 22 10:12 topology_mappings.data
> -rw-r----- 1 cstm-hdfs hadoop 1 Feb 22 10:13 dfs.exclude
> {code}
>
> When compared this with a non-SSL cluster the permission is '-rw-r--r--' i.e.
> read permission is available for other users
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
