Gargi Jaiswal created HDDS-14574:
------------------------------------
Summary: Enforce 700 permissions on Ozone Metadata and Data(hdds)
directories
Key: HDDS-14574
URL: https://issues.apache.org/jira/browse/HDDS-14574
Project: Apache Ozone
Issue Type: Bug
Reporter: Gargi Jaiswal
Assignee: Gargi Jaiswal
*Current Behaviour:*
The Ozone metadata directories of *OM, SCM, DN and Recon* and the *Datanode
Directory* (/data/hdds) have *750* and *755 permissions* respectively.
||Configuration Property||Permissions||
|ozone.recon.db.dirs.permissions|750|
|ozone.scm.db.dirs.permissions|750|
|ozone.om.db.dirs.permissions|750|
|ozone.metadata.dirs.permissions|750|
We should bring Ozone up to parity with HDFS, where we have both a parameter
that controls the permission, as well as health alerts for lax permissions.
Incorrectly permissioned data directories can lead to a serious data breach as
any user (e.g. any Spark application) is able to read the data files.
*Proposed Behaviour:*
Make the default permissions for all Ozone metadata and data directories
*700*, similar to HDFS.
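A sketch of the kind of lax-permission check the description asks for, as an added example that is not part of the original issue or Ozone's own code: it reports every directory whose mode grants anything beyond 700. The labels and temporary directories in demo() are constructed; point audit_dirs() at the real metadata and data paths to use it.

```python
import os
import stat
import tempfile

REQUIRED_MODE = 0o700  # proposed default from the issue


def lax_bits(mode, required=REQUIRED_MODE):
    """Return the permission bits in `mode` that `required` does not allow.

    Group/other bits and setuid/setgid/sticky all count as extra.
    """
    return stat.S_IMODE(mode) & ~required & 0o7777


def audit_dirs(dirs, required=REQUIRED_MODE):
    """dirs maps a label to a path; returns (label, mode, detail) findings."""
    findings = []
    for label, path in dirs.items():
        try:
            st = os.stat(path)  # follows symlinks: check the real directory
        except FileNotFoundError:
            findings.append((label, None, "missing"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((label, None, "not a directory"))
            continue
        extra = lax_bits(st.st_mode, required)
        if extra:
            mode = format(stat.S_IMODE(st.st_mode), "03o")
            findings.append((label, mode, "extra bits " + format(extra, "03o")))
    return findings


def demo():
    """Build constructed directories with the modes named in the issue."""
    sample = {"om_db": 0o750, "datanode_data": 0o755, "scm_db": 0o700}
    with tempfile.TemporaryDirectory() as root:
        dirs = {}
        for label, mode in sample.items():
            path = os.path.join(root, label)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod after mkdir so the umask cannot alter it
            dirs[label] = path
        dirs["recon_db"] = os.path.join(root, "absent")  # never created
        return audit_dirs(dirs)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
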