Re: [PR] HDDS-14574. Enforce 700 permissions on Ozone Metadata and Data(hdds) directories [ozone]

Wed, 18 Feb 2026 02:59:31 -0800 


sumitagrawl commented on code in PR #9735:
URL: https://github.com/apache/ozone/pull/9735#discussion_r2821686119


##########
hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/volume/MutableVolumeSet.java:
##########
@@ -179,6 +181,15 @@ private void initializeVolumeSet() throws IOException {
           throw new IOException("Failed to create storage dir " +
               volume.getStorageDir());
         }
+
+        // Ensure permissions are set on the storage directory
+        // (permissions are also set in StorageVolume.initializeImpl(),
+        // but this ensures they're set even if directory already existed
+        // from a previous run with incorrect permissions)
+        if (volumeType == StorageVolume.VolumeType.DATA_VOLUME) {

Review Comment:
   This is required only for datavolume other other volume types ?



##########
hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/volume/StorageVolume.java:
##########
@@ -768,11 +781,31 @@ private static SpaceUsageCheckParams 
getSpaceUsageCheckParams(Builder b, Supplie
       throw new IOException("Unable to create the volume root dir at " + root);
     }
 
+    // Set permissions on volume root directory immediately after 
creation/check
+    // (for data volumes, we want to ensure the root has secure permissions,
+    // even if the directory already existed from a previous run)
+    // This follows the same pattern as metadata directories in 
getDirectoryFromConfig()
+    if (b.conf != null && root.exists() && 
HDDS_VOLUME_DIR.equals(b.getStorageDirStr())) {

Review Comment:
   this is called here also, and even during loading root also, check if this 
is duplicate OR for different path.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to