[
https://issues.apache.org/jira/browse/AMBARI-25413?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16974113#comment-16974113
]
Aashish Bathla commented on AMBARI-25413:
-----------------------------------------
As a workaround, we can make the below changes:
cp /usr/lib/ambari-server/lib/ambari_server/serverConfiguration.py
/usr/lib/ambari-server/lib/ambari_server/serverConfiguration.py.backup
Edit the file /usr/lib/ambari-server/lib/ambari_server/serverConfiguration.py
and change the permission from 640 to 644.
self.MASTER_KEY_FILE_PERMISSIONS = "640"
self.CREDENTIALS_STORE_FILE_PERMISSIONS = "640"
self.TRUST_STORE_LOCATION_PERMISSIONS = "640"
to
self.MASTER_KEY_FILE_PERMISSIONS = "644"
self.CREDENTIALS_STORE_FILE_PERMISSIONS = "644"
self.TRUST_STORE_LOCATION_PERMISSIONS = "644"
After that, We need to restart the Ambari Server.
> Ambari is changing the truststore permission from 444/644 to 640.
> -----------------------------------------------------------------
>
> Key: AMBARI-25413
> URL: https://issues.apache.org/jira/browse/AMBARI-25413
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.7.4
> Reporter: Aashish Bathla
> Priority: Major
>
> When running ambari-server setup-security and choosing '[1] Enable HTTPS for
> Ambari server.' we give the following information:
> Do you want to disable HTTPS [y/n] (n)? n
> SSL port [8080] ? 8080
> Enter path to Certificate: <Certificate File>
> Enter path to Private Key: <Key File>
> Please enter password for Private Key: <empty>
> Generating random password for HTTPS keystore...done.
> Importing and saving Certificate...done.
> Thereafter Unix permission of the systemwide Java truststore
> /var/lib/ca-certificates/java-cacerts are changed from mode 444 to 640.
> In consequence Applications do not start anymore because the truststore is
> not world readable. It's creating impact on applications which is run by
> other users.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
