[jira] [Updated] (AMBARI-21970) Enable sticky bit for curl_krb_cache

2017-09-20 Thread Eugene Chekanskiy (JIRA) 

 [ 
https://issues.apache.org/jira/browse/AMBARI-21970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Eugene Chekanskiy updated AMBARI-21970:
---
Resolution: Fixed
Status: Resolved  (was: Patch Available)

> Enable sticky bit for curl_krb_cache
> 
>
> Key: AMBARI-21970
> URL: https://issues.apache.org/jira/browse/AMBARI-21970
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Krishnama Raju K
>Assignee: Eugene Chekanskiy
>Priority: Minor
> Attachments: AMBARI-21970.patch
>
>
> In secure environment, we see that "/var/lib/ambari-agent/tmp" has sticky bit 
> enabled. Trying to enable such permissions ( sticky bit or any other 
> permissions ) for "curl_krb_request.py" is being over written after few 
> seconds.
> It is observed that the chmod permissions set in "curl_krb_request.py" 
> enforces periodic 0777 as shown in below snippet.
> {code:java}
> curl_krb_cache_path = os.path.join(tmp_dir, "curl_krb_cache")
>   if not os.path.exists(curl_krb_cache_path):
> os.makedirs(curl_krb_cache_path)
>   os.chmod(curl_krb_cache_path, 0777)
> {code}
> Ref: 
> https://github.com/apache/ambari/blob/trunk/ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py
> Hence, code changes need to be done for setting the sticky bit to prevent 
> access from users who did not create the specific file. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (AMBARI-21970) Enable sticky bit for curl_krb_cache

2017-09-19 Thread Eugene Chekanskiy (JIRA) 

 [ 
https://issues.apache.org/jira/browse/AMBARI-21970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Eugene Chekanskiy updated AMBARI-21970:
---
Status: Patch Available  (was: Open)

> Enable sticky bit for curl_krb_cache
> 
>
> Key: AMBARI-21970
> URL: https://issues.apache.org/jira/browse/AMBARI-21970
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Krishnama Raju K
>Assignee: Eugene Chekanskiy
>Priority: Minor
> Attachments: AMBARI-21970.patch
>
>
> In secure environment, we see that "/var/lib/ambari-agent/tmp" has sticky bit 
> enabled. Trying to enable such permissions ( sticky bit or any other 
> permissions ) for "curl_krb_request.py" is being over written after few 
> seconds.
> It is observed that the chmod permissions set in "curl_krb_request.py" 
> enforces periodic 0777 as shown in below snippet.
> {code:java}
> curl_krb_cache_path = os.path.join(tmp_dir, "curl_krb_cache")
>   if not os.path.exists(curl_krb_cache_path):
> os.makedirs(curl_krb_cache_path)
>   os.chmod(curl_krb_cache_path, 0777)
> {code}
> Ref: 
> https://github.com/apache/ambari/blob/trunk/ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py
> Hence, code changes need to be done for setting the sticky bit to prevent 
> access from users who did not create the specific file. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (AMBARI-21970) Enable sticky bit for curl_krb_cache

2017-09-19 Thread Eugene Chekanskiy (JIRA) 

 [ 
https://issues.apache.org/jira/browse/AMBARI-21970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Eugene Chekanskiy updated AMBARI-21970:
---
Attachment: AMBARI-21970.patch

> Enable sticky bit for curl_krb_cache
> 
>
> Key: AMBARI-21970
> URL: https://issues.apache.org/jira/browse/AMBARI-21970
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.5.0
>Reporter: Krishnama Raju K
>Assignee: Eugene Chekanskiy
>Priority: Minor
> Attachments: AMBARI-21970.patch
>
>
> In secure environment, we see that "/var/lib/ambari-agent/tmp" has sticky bit 
> enabled. Trying to enable such permissions ( sticky bit or any other 
> permissions ) for "curl_krb_request.py" is being over written after few 
> seconds.
> It is observed that the chmod permissions set in "curl_krb_request.py" 
> enforces periodic 0777 as shown in below snippet.
> {code:java}
> curl_krb_cache_path = os.path.join(tmp_dir, "curl_krb_cache")
>   if not os.path.exists(curl_krb_cache_path):
> os.makedirs(curl_krb_cache_path)
>   os.chmod(curl_krb_cache_path, 0777)
> {code}
> Ref: 
> https://github.com/apache/ambari/blob/trunk/ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py
> Hence, code changes need to be done for setting the sticky bit to prevent 
> access from users who did not create the specific file. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)