[
https://issues.apache.org/jira/browse/KUDU-3208?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17222992#comment-17222992
]
Peter Ebert commented on KUDU-3208:
-----------------------------------
My thought was something like (name debatable) --umask_logfile or
--umask_logfile_override that would take precedent over the other umask and
only be applied to logfiles, I'm confused how logfile_mode is applied because
it seems like this can only make the permissions more restrictive (remove set
bits) for logs, if that assumption is correct I'm not sure when logs would be
considered more sensitive than data directories. Without setting logfile_mode,
a umask of 033 applies 744 permissions to the logs in my testing (on the master
node).
> Separate umask for log dir
> --------------------------
>
> Key: KUDU-3208
> URL: https://issues.apache.org/jira/browse/KUDU-3208
> Project: Kudu
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.13.0
> Reporter: Peter Ebert
> Priority: Major
>
> Currently the umask is applied to all directories/files kudu manages. Logs
> are typically less sensitive and could be 744 (as they are with HBase by
> default), which enables teams to debug issues that may not have root/kudu
> keytab access.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
