[ https://issues.apache.org/jira/browse/ACCUMULO-2806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14012806#comment-14012806 ]

Josh Elser commented on ACCUMULO-2806:
--------------------------------------

Alright, I'll keep an eye on this as 1.5.2 (hopefully) starts to happen. My 
impression is that this could be bumped to 1.5.3 if necessary (since users can 
secure this themselves after the fact). Would you agree?

> Accumulo init should ensure wals and tables are not world readable
> ------------------------------------------------------------------
>
>                 Key: ACCUMULO-2806
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2806
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.0, 1.5.1, 1.6.0
>            Reporter: Sean Busbey
>            Assignee: Sean Busbey
>            Priority: Critical
>             Fix For: 1.5.2, 1.6.1, 1.7.0
>
>
> Just did an init on a new 1.6.1-SNAP cluster, and noticed the following 
> permissions:
> {noformat}
> dfs -ls /
> Found 4 items
> drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:48 /accumulo
> drwxr-xr-x   - hdfs     supergroup          0 2014-05-14 08:10 /jobtracker
> drwxrwxrwx   - hdfs     supergroup          0 2014-05-14 08:10 /tmp
> drwxr-xr-x   - hdfs     supergroup          0 2014-05-14 09:48 /user
> -bash-4.1$ hdfs dfs -ls /accumulo
> Found 3 items
> drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/instance_id
> drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/tables
> drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/version
> {noformat}
> I previously set up /accumulo as 755, under the understanding that clients 
> need access to /accumulo/instance_id.
> Things to fix:
> # make init chmod tables and wals to 700, as a defensive measure to avoid 
> data leaks
> # maybe also make sure if the trash is enabled that our user directory is 
> also not world readable
> # If clients don't need access to instance_id, include a check that the data 
> dir is not world readable
> Workaround: manually change permissions after init



--
This message was sent by Atlassian JIRA
(v6.2#6252)
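
A check for the workaround described in the issue, as an added example that is not part of the original message or of Accumulo's own code: it reads `hdfs dfs -ls` output and reports entries under the named directories that still grant any permission to "other". The function name `world_accessible`, the `/accumulo/wal` path and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# world_accessible DIR...
# Reads `hdfs dfs -ls` output on stdin and prints "<mode> <path>" for every
# entry at or below one of the DIR arguments whose "other" permission bits
# are anything except '---'. Paths containing spaces are not handled.
world_accessible() {
    awk -v dirs="$*" '
        BEGIN { n = split(dirs, want, " ") }
        # Listing rows begin with a mode string such as drwxr-xr-x
        # (HDFS may append "+" when ACLs are set, hence >= 10).
        length($1) >= 10 && substr($1, 1, 1) ~ /^[-dl]$/ {
            other = substr($1, 8, 3)      # the three "other" bits
            path  = $NF                   # path is the last field
            if (other == "---") next      # already private
            for (i = 1; i <= n; i++)
                if (path == want[i] || index(path, want[i] "/") == 1) {
                    print $1, path
                    break
                }
        }'
}

# Constructed sample in the format shown in the issue; /accumulo/wal is an
# assumed location for the write-ahead logs, already restricted to 700.
sample_listing() {
cat <<'EOF'
Found 3 items
drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/instance_id
drwxr-xr-x   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/tables
drwx------   - accumulo supergroup          0 2014-05-14 09:55 /accumulo/wal
EOF
}

# instance_id is left out of the check because the issue says clients may
# need to read it; only the data directories are audited.
sample_listing | world_accessible /accumulo/tables /accumulo/wal
```

On a live cluster the same function can be fed from `hdfs dfs -ls -R /accumulo`; any line it prints is a directory or file that still needs the manual permission change.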
