Hari Sekhon created AMBARI-21666:
------------------------------------

             Summary: /etc/hadoop/*/ssl-client.xml set chmod 600 instead of 640 
results in permission denied in Yarn RM log
                 Key: AMBARI-21666
                 URL: https://issues.apache.org/jira/browse/AMBARI-21666
             Project: Ambari
          Issue Type: Bug
          Components: ambari-agent, ambari-server
    Affects Versions: 2.5.0
         Environment: HDP 2.6.0.3 on SLES 12.1
            Reporter: Hari Sekhon


Ambari seems to have deployed /etc/hadoop/2.6.0.3/0/ssl-client.xml and 
ssl-server.xml with permissions 600 hdfs:hadoop resulting in Yarn RM getting 
permission denied in it's logs.

This should be set to 640 to allow the yarn process to use the hadoop group to 
read the files, or because it contains jks passwords use a new group containing 
only yarn (since yarn is only in the hadoop group), or set an extended ACL to 
permit just the yarn user read permissions.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to