[jira] [Commented] (HDFS-3096) dfs.datanode.data.dir.perm is set to 755 instead of 700
[ https://issues.apache.org/jira/browse/HDFS-3096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13656732#comment-13656732 ] Matt Foley commented on HDFS-3096: -- Changed Target Version to 1.3.0 upon release of 1.2.0. Please change to 1.2.1 if you intend to submit a fix for branch-1.2. > dfs.datanode.data.dir.perm is set to 755 instead of 700 > --- > > Key: HDFS-3096 > URL: https://issues.apache.org/jira/browse/HDFS-3096 > Project: Hadoop HDFS > Issue Type: Bug > Components: datanode >Affects Versions: 0.23.0, 1.0.0 >Reporter: Bikas Saha >Assignee: Bikas Saha > > dfs.datanode.data.dir.perm is used by the datanode to set the permissions of > it data directories. This is set by default to 755 which gives read > permissions to everyone to that directory, opening up possibility of reading > the data blocks by anyone in a secure cluster. Admins can over-ride this > config but its sub-optimal practice for the default to be weak. IMO, the > default should be strong and the admins can relax it if necessary. > The fix is to change default permissions to 700. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-3096) dfs.datanode.data.dir.perm is set to 755 instead of 700
[ https://issues.apache.org/jira/browse/HDFS-3096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13232402#comment-13232402 ] Bikas Saha commented on HDFS-3096: -- In branch 0.23 the datanode, at startup, overrides actual data dir permissions with expected permissions from the conf, in case they differ. In 1.0 the datanode checks for these values to be the same and refuses to start if they are different. A fix needs to be made for this behavior too. This code path in 0.23 has been refactored and so the change may not be a simple backport. Perhaps we could change the code in 1.0 to also override actual permissions with those from the config. > dfs.datanode.data.dir.perm is set to 755 instead of 700 > --- > > Key: HDFS-3096 > URL: https://issues.apache.org/jira/browse/HDFS-3096 > Project: Hadoop HDFS > Issue Type: Bug > Components: data-node >Affects Versions: 0.23.0, 1.0.0 >Reporter: Bikas Saha >Assignee: Bikas Saha > > dfs.datanode.data.dir.perm is used by the datanode to set the permissions of > it data directories. This is set by default to 755 which gives read > permissions to everyone to that directory, opening up possibility of reading > the data blocks by anyone in a secure cluster. Admins can over-ride this > config but its sub-optimal practice for the default to be weak. IMO, the > default should be strong and the admins can relax it if necessary. > The fix is to change default permissions to 700. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-3096) dfs.datanode.data.dir.perm is set to 755 instead of 700
[ https://issues.apache.org/jira/browse/HDFS-3096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13232241#comment-13232241 ] Matt Foley commented on HDFS-3096: -- Yes, but it needs porting to branch-1. > dfs.datanode.data.dir.perm is set to 755 instead of 700 > --- > > Key: HDFS-3096 > URL: https://issues.apache.org/jira/browse/HDFS-3096 > Project: Hadoop HDFS > Issue Type: Bug > Components: data-node >Affects Versions: 0.23.0, 1.0.0 >Reporter: Bikas Saha >Assignee: Bikas Saha > Fix For: 0.23.2, 1.0.2 > > > dfs.datanode.data.dir.perm is used by the datanode to set the permissions of > it data directories. This is set by default to 755 which gives read > permissions to everyone to that directory, opening up possibility of reading > the data blocks by anyone in a secure cluster. Admins can over-ride this > config but its sub-optimal practice for the default to be weak. IMO, the > default should be strong and the admins can relax it if necessary. > The fix is to change default permissions to 700. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-3096) dfs.datanode.data.dir.perm is set to 755 instead of 700
[ https://issues.apache.org/jira/browse/HDFS-3096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13229875#comment-13229875 ] Todd Lipcon commented on HDFS-3096: --- Is this dup of HDFS-1560? > dfs.datanode.data.dir.perm is set to 755 instead of 700 > --- > > Key: HDFS-3096 > URL: https://issues.apache.org/jira/browse/HDFS-3096 > Project: Hadoop HDFS > Issue Type: Bug > Components: data-node >Affects Versions: 0.23.0, 1.0.0 >Reporter: Bikas Saha >Assignee: Bikas Saha > Fix For: 0.23.2, 1.0.2 > > > dfs.datanode.data.dir.perm is used by the datanode to set the permissions of > it data directories. This is set by default to 755 which gives read > permissions to everyone to that directory, opening up possibility of reading > the data blocks by anyone in a secure cluster. Admins can over-ride this > config but its sub-optimal practice for the default to be weak. IMO, the > default should be strong and the admins can relax it if necessary. > The fix is to change default permissions to 700. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
