[ https://issues.apache.org/jira/browse/METRON-796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15940293#comment-15940293 ]

ASF GitHub Bot commented on METRON-796:
---------------------------------------

Github user simonellistonball commented on the issue:

    https://github.com/apache/incubator-metron/pull/488
  
    Opening this to the hadoop group feels wrong from a security perspective.
    That gives all the other hadoop users too much write access to the data store.
    A better solution would be to have the topologies run as a metron user rather
    than as storm, or to add the storm user to the metron group to maintain a least
    access required principle.


> Mpack uses wrong group for owning HDFS directories
> --------------------------------------------------
>
>                 Key: METRON-796
>                 URL: https://issues.apache.org/jira/browse/METRON-796
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Justin Leet
>            Assignee: Justin Leet
>
> org.apache.hadoop.security.AccessControlException: Permission denied: 
> user=storm, access=WRITE, 
> inode="/apps/metron/indexing/indexed/snort/enrichment-null-0-0-1490305873514.json":metron:metron:drwxrwx
> The group got changed a bit ago from cluster_env.user_group (hadoop) to 
> cluster_env.metron_group (metron).  However, because everything right now 
> runs as the storm user (which is in the hadoop group), it doesn't have perms 
> to write anymore.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
