Tom Beerbower created AMBARI-12104:
--------------------------------------
Summary: ambari-server setup-security changes truststore
permissions to 600
Key: AMBARI-12104
URL: https://issues.apache.org/jira/browse/AMBARI-12104
Project: Ambari
Issue Type: Bug
Reporter: Tom Beerbower
Assignee: Tom Beerbower
Fix For: 2.1.0
The permissions change happens when {{ambari-server setup-security}} option
{{[1] Enable HTTPS for Ambari server.}} is run. 600 is too restrictive.
Make it 640 instead.
{code}
ServerConfiguration.py
self.TRUST_STORE_LOCATION_PERMISSIONS = "600"
...
setupSecurity.py
def adjust_directory_permissions(ambari_user):
...
trust_store_location = properties[SSL_TRUSTSTORE_PATH_PROPERTY]
if trust_store_location:
configDefaults.NR_ADJUST_OWNERSHIP_LIST.append((trust_store_location,
configDefaults.TRUST_STORE_LOCATION_PERMISSIONS, "{0}", False))
{code}
[~mahadev], I'm not sure what the strategy should be here. Obviously the
permissions are being adjusted for a reason. The test creates the truststore
with 440 and then Ambari adjusts it to 600. What should the behavior be? We
could make it 640 to make the test pass but would that be too permissive in
some case?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
