Sebastian Schulze created CASSANDRA-17470: ---------------------------------------------
Summary: Default directory permissions for /var/lib/cassandra could be more restrictive Key: CASSANDRA-17470 URL: https://issues.apache.org/jira/browse/CASSANDRA-17470 Project: Cassandra Issue Type: Improvement Reporter: Sebastian Schulze I noticed that the default permissions for /var/lib/cassandra and everything below seem to be "world readable", e.g. "{{{}drwxr-xr-x 6 cassandra cassandra{}}}". It might depend on the distribution / package used, but I can at least confirm this for the official Cassandra Debian packages as well as the Docker containers. Out of curiosity I compared it to Postgres and MySQL to see which defaults they would opt for and they are {{drwxr-x--- 2 mysql mysql 4.0K Mar 22 10:00 mysql}} and respectively {{drwx------ 19 postgres postgres 4.0K Mar 22 10:01 data}} which is way more appropriate in my option. ([Here is a Gist with the script to compare them|https://gist.github.com/bascht/31fa749d4121b9898902d5d557a01f82]) If there is no particular reason behind this, I would suggest that the default packages should have stricter ulimits that restricts access to the data directory to the cassandra user & group. (See also this [mailing list thread|https://lists.apache.org/thread/gyoqb4xnq4ry0c726f0ntz83rvn0w5kx]) -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org