[ https://issues.apache.org/jira/browse/ACCUMULO-2806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13997850#comment-13997850 ]

Christopher Tubbs commented on ACCUMULO-2806:
---------------------------------------------

Clients do not need access to /accumulo/instance_id. They should not be using 
that. They should be specifying their instance with the ZooKeeperInstance with 
an instanceName. Some client commands (notably, the shell) will default to 
trying to read HDFS for the instance_id if no ZK options are specified. I think 
that's fine to fail if they aren't running as the same user as the accumulo 
services. We should just lock down the parent directory.

As an aside, do you know what the expected behavior is if the specified 
volume(s) already exist/don't exist in HDFS when you execute init? This 
ticket seems to imply the pre-1.6 behavior with only a single HDFS path. How does 
the new multiple volumes configuration change this ticket (if at all)?

> Accumulo init should ensure wals and tables are not world readable
> ------------------------------------------------------------------
>
>                 Key: ACCUMULO-2806
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2806
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.6.0
>            Reporter: Sean Busbey
>            Priority: Critical
>             Fix For: 1.6.1, 1.7.0
>
>
> Just did an init on a new 1.6.1-SNAP cluster, and noticed the following 
> permissions:
> {noformat}
> dfs -ls /
> Found 4 items
> drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:48 /accumulo
> drwxr-xr-x   - hdfs     supergroup          0 2014-05-14 08:10 /jobtracker
> drwxrwxrwx   - hdfs     supergroup          0 2014-05-14 08:10 /tmp
> drwxr-xr-x   - hdfs     supergroup          0 2014-05-14 09:48 /user
> -bash-4.1$ hdfs dfs -ls /accumulo
> Found 3 items
> drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/instance_id
> drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/tables
> drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/version
> {noformat}
> I previously set up /accumulo as 755, under the understanding that clients 
> need access to /accumulo/instance_id.
>
> Things to fix:
> # make init chmod tables and wals to 700, as a defensive measure to avoid 
> data leaks
> # maybe also make sure if the trash is enabled that our user directory is 
> also not world readable
> # If clients don't need access to instance_id, include a check that the data 
> dir is not world readable
> Workaround: manually change permissions after init



--
This message was sent by Atlassian JIRA
(v6.2#6252)
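
One way to run the check the ticket asks for, as an added example (not code from Accumulo or from either commenter): a filter over `hdfs dfs -ls` output that reports every entry granting any permission to "other". The function name `world_accessible` and the sample listing are constructed for illustration; the listing reuses the paths from the ticket, with `/accumulo/tables` shown as it would look after the manual 700 workaround.

```shell
#!/bin/sh
# Added example: flag world-accessible entries in an `hdfs dfs -ls` listing.

# Constructed sample, modelled on the listing quoted in the ticket.
SAMPLE_LISTING='Found 3 items
drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/instance_id
drwx------   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/tables
drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/version'

# Reads a listing on stdin and prints "<mode> <path>" for each entry whose
# "other" permission bits (characters 8-10 of the mode string) grant read,
# write or execute. Prints nothing when every entry is closed to "other".
world_accessible() {
    awk '
        # Entry lines have 8+ fields: mode, replication, owner, group,
        # size, date, time, path. This skips the "Found N items" header.
        NF >= 8 && length($1) >= 10 && $1 ~ /^[-dl]/ {
            r = substr($1, 8, 1)
            w = substr($1, 9, 1)
            x = substr($1, 10, 1)
            # "t" is sticky bit plus execute; "T" is sticky bit alone.
            if (r == "r" || w == "w" || x == "x" || x == "t") {
                path = $8
                # Rejoin paths that contain spaces.
                for (i = 9; i <= NF; i++) path = path " " $i
                print $1, path
            }
        }'
}

# Against a live cluster: hdfs dfs -ls /accumulo | world_accessible
printf '%s\n' "$SAMPLE_LISTING" | world_accessible
```
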
