Krishnama Raju K created AMBARI-21970:
-----------------------------------------
Summary: Enable sticky bit for curl_krb_cache
Key: AMBARI-21970
URL: https://issues.apache.org/jira/browse/AMBARI-21970
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.5.0
Reporter: Krishnama Raju K
Priority: Minor
In secure environment, we see that "/var/lib/ambari-agent/tmp" has sticky bit
enabled. Trying to enable such permissions ( sticky bit or any other
permissions ) for "curl_krb_request.py" is being over written after few seconds.
It is observed that the chmod permissions set in "curl_krb_request.py" enforces
periodic 0777 as shown in below snippet.
{code:java}
curl_krb_cache_path = os.path.join(tmp_dir, "curl_krb_cache")
if not os.path.exists(curl_krb_cache_path):
os.makedirs(curl_krb_cache_path)
os.chmod(curl_krb_cache_path, 0777)
{code}
Ref:
https://github.com/apache/ambari/blob/trunk/ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py
Hence, code changes need to be done for setting the sticky bit to prevent
access from users who did not create the specific file.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
