[
https://issues.apache.org/jira/browse/ACCUMULO-2806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Corey J. Nolet updated ACCUMULO-2806:
-------------------------------------
Fix Version/s: 1.6.3
> Accumulo init should ensure wals and tables are not world readable
> ------------------------------------------------------------------
>
> Key: ACCUMULO-2806
> URL: https://issues.apache.org/jira/browse/ACCUMULO-2806
> Project: Accumulo
> Issue Type: Bug
> Affects Versions: 1.5.0, 1.5.1, 1.6.0
> Reporter: Sean Busbey
> Priority: Critical
> Fix For: 1.5.3, 1.7.0, 1.6.3
>
>
> Just did an init on a new 1.6.1-SNAP cluster, and noticed the following
> permissions:
> {noformat}
> dfs -ls /
> Found 4 items
> drwxr-xr-x - accumulo supergroup 0 2014-05-14 09:48 /accumulo
> drwxr-xr-x - hdfs supergroup 0 2014-05-14 08:10 /jobtracker
> drwxrwxrwx - hdfs supergroup 0 2014-05-14 08:10 /tmp
> drwxr-xr-x - hdfs supergroup 0 2014-05-14 09:48 /user
> -bash-4.1$ hdfs dfs -ls /accumulo
> Found 3 items
> drwxr-xr-x - accumulo supergroup 0 2014-05-14 09:55
> /accumulo/instance_id
> drwxr-xr-x - accumulo supergroup 0 2014-05-14 09:55
> /accumulo/tables
> drwxr-xr-x - accumulo supergroup 0 2014-05-14 09:55
> /accumulo/version
> {noformat}
> I previously set up /accumulo as 755, under the understanding that clients
> need access to /accumulo/instance_id
> things to fix
> # make init chmod tables and wals to 700, as a defensive measure to avoid
> data leaks
> # maybe also make sure if the trash is enabled that our user directory is
> also not world readable
> # If clients don't need access to instance_id, include a check that the data
> dir is not world readable
> Workaround: manually change permissions after init
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
