Hi all! After doing some maintenance work on one of our Cassandra notes, I noticed that the default permissions for /var/lib/cassandra and everything below seem to be "world readable", e.g. "drwxr-xr-x 6 cassandra cassandra".
This might depend on the distribution / package used, but I can at least confirm this for the official Cassandra Debian packages as well as the Docker containers. Out of curiosity I compared it to Postgres and MySQL to see which defaults they would opt for and they are drwxr-x--- 2 mysql mysql 4.0K Mar 22 10:00 mysql and respectively drwx------ 19 postgres postgres 4.0K Mar 22 10:01 data which is way more appropriate in my option. (See [0] for the Gist and the script to test it) Does anyone know the reasoning for leaving the directories world readable? In our own setup we now locked it down to the Cassandra user and group and haven't had any problems with it so far. Best, Bascht [0] https://gist.github.com/bascht/31fa749d4121b9898902d5d557a01f82