[jira] [Commented] (AMBARI-23083) Missing permission for 'others' when Ambari is configured with two way SSL and https enabled

Thu, 26 Apr 2018 16:08:32 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-23083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16455531#comment-16455531
 ] 

Swapan Shridhar commented on AMBARI-23083:
------------------------------------------

AMBARI-22934

> Missing permission for 'others' when Ambari is configured with two way SSL 
> and https enabled
> --------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-23083
>                 URL: https://issues.apache.org/jira/browse/AMBARI-23083
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.6.2
>            Reporter: Vivek Sharma
>            Assignee: Sandor Molnar
>            Priority: Critical
>              Labels: system_test
>             Fix For: 2.7.0
>
>
> # Deploy Ambari-2.6.2.0 server on machine A
> # Manually install and register agents on other machines (including machine A)
> # Enable 2 way SSL between server and agents
> # Enable https at Ambari server
> # Deploy a cluster via blueprints with HDP-2.6.5.0
> After cluster is deployed, observed that the permission of files such as 
> hadoop-env.sh is '-rw-r-----'
> Complete output:
> {code}
> [root@ctr-e138-1518143905142-36503-01-000002 logs]# ls -lhrt /etc/hadoop/conf/
> total 176K
> -rw-r--r-- 1 cstm-hdfs hadoop 8.9K Feb 22 09:30 core-site.xml
> -rw-r----- 1 cstm-hdfs hadoop 333 Feb 22 09:35 hdfs_dn_jaas.conf
> -rw-r----- 1 cstm-hdfs hadoop 333 Feb 22 09:35 hdfs_nn_jaas.conf
> -rw-r----- 1 cstm-hdfs hadoop 1.3K Feb 22 09:35 hadoop-policy.xml
> -rw-r----- 1 cstm-hdfs hadoop 884 Feb 22 09:35 ssl-client.xml
> drwxr-xr-x 2 root hadoop 4.0K Feb 22 09:35 secure
> -rw-r----- 1 cstm-hdfs hadoop 1000 Feb 22 09:35 ssl-server.xml
> -rw-r--r-- 1 cstm-hdfs hadoop 8.7K Feb 22 09:35 hdfs-site.xml
> -rw-r--r-- 1 cstm-mr hadoop 7.5K Feb 22 09:37 mapred-site.xml
> -rw-r--r-- 1 cstm-hdfs hadoop 2.3K Feb 22 09:37 capacity-scheduler.xml
> -rw-r--r-- 1 root hadoop 1.1K Feb 22 09:37 container-executor.cfg
> -rwxr-xr-x 1 root root 984 Feb 22 09:37 mapred-env.sh
> -rw-r--r-- 1 root hadoop 947 Feb 22 09:37 taskcontroller.cfg
> -rw-r----- 1 cstm-yarn hadoop 571 Feb 22 09:37 yarn_jaas.conf
> -rw-r----- 1 cstm-yarn hadoop 337 Feb 22 09:37 yarn_ats_jaas.conf
> -rw-r----- 1 cstm-yarn hadoop 333 Feb 22 09:37 yarn_nm_jaas.conf
> -rw-r----- 1 cstm-mr hadoop 320 Feb 22 09:37 mapred_jaas.conf
> -rw-r----- 1 root root 1020 Feb 22 09:48 commons-logging.properties
> -rw-r----- 1 root root 1.6K Feb 22 09:48 health_check
> -rw-r--r-- 1 cstm-hdfs hadoop 11K Feb 22 09:48 log4j.properties
> -rwxr-xr-x 1 root root 4.2K Feb 22 09:48 task-log4j.properties
> -rwxr-xr-x 1 root root 2.4K Feb 22 09:48 topology_script.py
> -rw-r----- 1 root root 241 Feb 22 10:10 slaves
> -rw-r----- 1 root hadoop 6.3K Feb 22 10:10 hadoop-env.sh
> -rw-r--r-- 1 cstm-yarn hadoop 24K Feb 22 10:10 yarn-site.xml
> -rwxr-xr-x 1 cstm-yarn hadoop 5.5K Feb 22 10:10 yarn-env.sh
> -rw-r----- 1 cstm-hdfs hadoop 2.6K Feb 22 10:12 hadoop-metrics2.properties
> -rw-r--r-- 1 cstm-hdfs hadoop 467 Feb 22 10:12 topology_mappings.data
> -rw-r----- 1 cstm-hdfs hadoop 1 Feb 22 10:13 dfs.exclude
> {code}
>  
> When compared this with a non-SSL cluster the permission is '-rw-r--r--' i.e. 
> read permission is available for other users



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to