Gargi-jais11 opened a new pull request, #9735: URL: https://github.com/apache/ozone/pull/9735
## What changes were proposed in this pull request?

**Current Behaviour:**
The Ozone metadata of **OM, SCM, DN** and **Recon** and the **Datanode Directory** (/data/hdds) have **750** and **755** permissions respectively.

**Proposed Behaviour:**
We should bring Ozone up to parity with HDFS, where we have both a parameter that controls the permission, as well as health alerts for lax permissions. Incorrectly permissioned data directories can lead to a serious data breach as any user (e.g. any Spark application) is able to read the data files.

**Make the default permissions for all Ozone metadata and data directories 700, similar to HDFS.**

Added a new config for data directory permission: `hdds.datanode.data.dir.permissions` with a default value of **700**, and changed Ozone metadata directory permissions to **700** from 750.

## What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-14574

## How was this patch tested?

Added unit tests. Also manually tested for permissions:

```
// DN
[bash]# ls -la
total 4
drwx------ 8 hdfs hdfs 190 Feb 3 08:28 .
drwxr-xr-x 6 root root 76 Feb 2 04:46 ..
-rw-r--r-- 1 hdfs hdfs 0 Feb 3 08:28 cd
drwx------ 3 hdfs hdfs 65 Feb 3 08:28 data --------------------------> 700 data
-rw-r--r-- 1 hdfs hdfs 408 Feb 3 06:08 datanode.id
drwxr-xr-x 2 hdfs hdfs 10 Feb 2 04:46 db.checkpoints
drwxr-xr-x 3 hdfs hdfs 37 Feb 2 04:46 db.snapshots
drwx------ 5 hdfs hdfs 72 Feb 3 07:17 ozone-metadata. ---------------------> 700 metadata
drwxr-xr-x 3 root root 26 Feb 2 04:46 ratis
drwxr-xr-x 2 hdfs hdfs 333 Feb 3 06:08 witnessed_container.db

// OM
[bash om]# ls -la
total 0
drwxr-xr-x 5 root root 69 Feb 2 04:46 .
drwxr-xr-x 6 root root 76 Feb 2 04:46 ..
drwx------ 6 hdfs hdfs 112 Feb 4 06:03 data
drwx------ 7 hdfs hdfs 117 Feb 2 06:07 ozone-metadata
drwxr-xr-x 3 hdfs hdfs 58 Feb 2 04:47 ratis

// recon
[bash recon]# ls -la
total 0
drwxr-xr-x 6 root root 81 Feb 2 04:46 .
drwxr-xr-x 6 root root 76 Feb 2 04:46 ..
drwx------ 8 hdfs hdfs 184 Feb 2 04:47 data
drwxr-xr-x 3 root root 18 Feb 2 04:46 om
drwx------ 4 hdfs hdfs 48 Feb 2 04:46 ozone-metadata
drwxr-xr-x 3 root root 26 Feb 2 04:46 scm

//SCM
[bash scm]# ls -la
total 0
drwxr-xr-x 5 root root 69 Feb 2 04:46 .
drwxr-xr-x 6 root root 76 Feb 2 04:46 ..
drwx------ 6 hdfs hdfs 93 Feb 2 04:46 data
drwx------ 6 hdfs hdfs 96 Feb 2 06:07 ozone-metadata
drwxr-xr-x 3 hdfs hdfs 58 Feb 2 04:46 ratis
```
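
A small audit for the lax-permission condition this pull request describes, added here as an illustration and not code from the Ozone patch: it flags subdirectories whose mode grants any bit beyond 700. The function names and the sample layout (created in a temporary directory) are constructed for the example.

```python
import os
import stat
import tempfile

EXPECTED_MODE = 0o700  # default the PR proposes for metadata and data dirs

# Constructed sample layout (not real cluster output): name -> mode.
SAMPLE_LAYOUT = {"data": 0o700, "ozone-metadata": 0o750, "ratis": 0o755}


def build_sample(root):
    """Create SAMPLE_LAYOUT under root with explicit modes (umask-independent)."""
    for name, mode in SAMPLE_LAYOUT.items():
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)


def audit_dirs(root, expected=EXPECTED_MODE):
    """Return (name, mode, extra_bits) for each immediate subdirectory of
    root whose permission bits grant anything beyond `expected`."""
    findings = []
    with os.scandir(root) as entries:
        for entry in sorted(entries, key=lambda e: e.name):
            # Skip symlinks: a link target is audited where it actually lives.
            if not entry.is_dir(follow_symlinks=False):
                continue
            mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
            extra = mode & ~expected
            if extra:
                findings.append((entry.name, mode, extra))
    return findings


def describe(extra):
    """Name which of group/other hold unexpected bits; else special bits."""
    who = [label for label, mask in (("group", stat.S_IRWXG),
                                     ("other", stat.S_IRWXO)) if extra & mask]
    return "+".join(who) or "special bits"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for name, mode, extra in audit_dirs(root):
            print(f"LAX {name}: mode {mode:o}, excess {extra:03o} ({describe(extra)})")
```

Pointing `audit_dirs` at a real parent directory reports the same tuples for whatever subdirectories exist there; it only reads metadata and changes nothing.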
