[
https://issues.apache.org/jira/browse/BROOKLYN-46?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14090959#comment-14090959
]
ASF GitHub Bot commented on BROOKLYN-46:
----------------------------------------
GitHub user aledsage opened a pull request:
https://github.com/apache/incubator-brooklyn/pull/114
BROOKLYN-46: persist files with 600 permission
Note this seriously affects performance of persisting files (i.e.
persisting entity state). It drops from about 5000 to 3000 writes per second on
my machine, with just measuring the `FileBasedObjectStore` performance (i.e.
ignoring the memento generation etc).
It won't affect performance of object store persistence at all.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/aledsage/incubator-brooklyn
fix/persist-files-600-permission
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-brooklyn/pull/114.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #114
----
commit dee6c88333b6d6ebf9789bfec19791a4e2c7eaea
Author: Aled Sage <[email protected]>
Date: 2014-08-08T14:45:20Z
BROOKLYN-46: persist files with 600 permission
----
> Files created by persistence mechanism should not be readable by other users
> ----------------------------------------------------------------------------
>
> Key: BROOKLYN-46
> URL: https://issues.apache.org/jira/browse/BROOKLYN-46
> Project: Brooklyn
> Issue Type: Bug
> Reporter: Sam Corbett
> Assignee: Aled Sage
>
> Originally reported at:
> https://github.com/brooklyncentral/brooklyn/issues/1240
> Files containing persisted state have permissions 644. Files containing
> persisted locations contain private key data. Other users should not be able
> to read this data. We should follow ssh's practice and restrict access to the
> user that owns the private key.
> {code}
> $ su otheruser
> $ ls -l /Users/sam/.brooklyn/brooklyn-persisted-state/data/locations
> total 112
> -rw-r--r-- 1 sam staff 2319 10 Mar 10:38 BhIXCfBt
> -rw-r--r-- 1 sam staff 2317 10 Mar 10:38 FktCwLnX
> ...
> $ cat /Users/sam/.brooklyn/brooklyn-persisted-state/data/locations/BhIXCfBt
> <location>
> <brooklynVersion>0.7.0-SNAPSHOT</brooklynVersion>
> <type>brooklyn.location.basic.SshMachineLocation</type>
> <id>BhIXCfBt</id>
> <displayName>SshMachineLocation:BhIX</displayName>
> <children/>
> <locationConfig>
> <longitude type="double">-77.48750305175781</longitude>
> <port type="int">22</port>
> <latitude type="double">39.043701171875</latitude>
> <user>sam</user>
> <privateKeyData>-----BEGIN RSA PRIVATE KEY-----
> ... :-(
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
