[jira] [Updated] (HDDS-14574) Enforce 700 permissions on Ozone Metadata and Data(hdds) directories

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/HDDS-14574?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

ASF GitHub Bot updated HDDS-14574:
----------------------------------
    Labels: pull-request-available  (was: )

> Enforce 700 permissions on Ozone Metadata and Data(hdds) directories
> --------------------------------------------------------------------
>
>                 Key: HDDS-14574
>                 URL: https://issues.apache.org/jira/browse/HDDS-14574
>             Project: Apache Ozone
>          Issue Type: Bug
>            Reporter: Gargi Jaiswal
>            Assignee: Gargi Jaiswal
>            Priority: Major
>              Labels: pull-request-available
>
> *Current Behaviour:*
> For Ozone metadata of *OM, SCM, DN and Recon* and *Datanode* 
> {*}Directory{*}(/data/hdds) have *750* and *755 permissions* respectively. 
> ||Configuration Property||Permissions||
> |ozone.recon.db.dirs.permissions|750|
> |ozone.scm.db.dirs.permissions|750|
> |ozone.om.db.dirs.permissions|750|
> |ozone.metadata.dirs.permissions|750|
> We should bring Ozone up to parity with HDFS, where we have both a parameter 
> that controls the permission, as well as health alerts for lax permissions.
> Incorrectly permissioned data directories can lead to a serious data breach 
> as any user (e.g. any Spark application) is able to read the data files.
> *Proposed Behaviour:*
> Make the default permissions for all ozone metadata and data directories as 
> *700* similar to hdfs.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@ozone.apache.org
For additional commands, e-mail: issues-h...@ozone.apache.org