[
https://issues.apache.org/jira/browse/AMBARI-12104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14598549#comment-14598549
]
Hudson commented on AMBARI-12104:
---------------------------------
SUCCESS: Integrated in Ambari-branch-2.1 #98 (See
[https://builds.apache.org/job/Ambari-branch-2.1/98/])
AMBARI-12104 - ambari-server setup-security changes truststore permissions to
600 (tbeerbower) (tbeerbower:
http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=dbd97e82c35aca912e5cd620acc45fcbeea2429b)
* ambari-server/src/main/python/ambari_server/serverConfiguration.py
* ambari-server/src/main/python/ambari-server.py
> ambari-server setup-security changes truststore permissions to 600
> ------------------------------------------------------------------
>
> Key: AMBARI-12104
> URL: https://issues.apache.org/jira/browse/AMBARI-12104
> Project: Ambari
> Issue Type: Bug
> Reporter: Tom Beerbower
> Assignee: Tom Beerbower
> Fix For: 2.1.0
>
>
> The permissions change happens when {{ambari-server setup-security}} option
> {{[1] Enable HTTPS for Ambari server.}} is run. 600 is too restrictive.
> Make it 640 instead.
> {code}
> ServerConfiguration.py
> self.TRUST_STORE_LOCATION_PERMISSIONS = "600"
> ...
> setupSecurity.py
> def adjust_directory_permissions(ambari_user):
> ...
> trust_store_location = properties[SSL_TRUSTSTORE_PATH_PROPERTY]
> if trust_store_location:
> configDefaults.NR_ADJUST_OWNERSHIP_LIST.append((trust_store_location,
> configDefaults.TRUST_STORE_LOCATION_PERMISSIONS, "{0}", False))
> {code}
> [~mahadev], I'm not sure what the strategy should be here. Obviously the
> permissions are being adjusted for a reason. The test creates the truststore
> with 440 and then Ambari adjusts it to 600. What should the behavior be? We
> could make it 640 to make the test pass but would that be too permissive in
> some case?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
