[
https://issues.apache.org/jira/browse/AMBARI-21970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16173248#comment-16173248
]
Hudson commented on AMBARI-21970:
---------------------------------
FAILURE: Integrated in Jenkins build Ambari-branch-2.6 #254 (See
[https://builds.apache.org/job/Ambari-branch-2.6/254/])
AMBARI-21970. Enable sticky bit for curl_krb_cache (echekanskiy) (echekanskiy:
[http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=629f3ee6d0433fe01523af7c20a133229926e9dc])
* (edit)
ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py
> Enable sticky bit for curl_krb_cache
> ------------------------------------
>
> Key: AMBARI-21970
> URL: https://issues.apache.org/jira/browse/AMBARI-21970
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.5.0
> Reporter: Krishnama Raju K
> Assignee: Eugene Chekanskiy
> Priority: Minor
> Attachments: AMBARI-21970.patch
>
>
> In secure environment, we see that "/var/lib/ambari-agent/tmp" has sticky bit
> enabled. Trying to enable such permissions ( sticky bit or any other
> permissions ) for "curl_krb_request.py" is being over written after few
> seconds.
> It is observed that the chmod permissions set in "curl_krb_request.py"
> enforces periodic 0777 as shown in below snippet.
> {code:java}
> curl_krb_cache_path = os.path.join(tmp_dir, "curl_krb_cache")
> if not os.path.exists(curl_krb_cache_path):
> os.makedirs(curl_krb_cache_path)
> os.chmod(curl_krb_cache_path, 0777)
> {code}
> Ref:
> https://github.com/apache/ambari/blob/trunk/ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py
> Hence, code changes need to be done for setting the sticky bit to prevent
> access from users who did not create the specific file.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
