[ https://issues.apache.org/jira/browse/ACCUMULO-2806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15883017#comment-15883017 ]
Michael Miller commented on ACCUMULO-2806:
------------------------------------------

When this was created, it seemed to be fairly important but was never implemented. I looked into this a bit and it seems like a fairly simple fix by adding a mkdirs() method to our VolumeManager that accepts permissions as a parameter. Did this just get lost or was there a larger functional issue with changing the permissions of Accumulo directories?

> Accumulo init should ensure wals and tables are not world readable
> ------------------------------------------------------------------
>
> Key: ACCUMULO-2806
> URL: https://issues.apache.org/jira/browse/ACCUMULO-2806
> Project: Accumulo
> Issue Type: Bug
> Affects Versions: 1.5.0, 1.5.1, 1.6.0
> Reporter: Sean Busbey
> Priority: Critical
> Fix For: 1.8.2, 2.0.0
>
>
> Just did an init on a new 1.6.1-SNAP cluster, and noticed the following
> permissions:
> {noformat}
> dfs -ls /
> Found 4 items
> drwxr-xr-x - accumulo supergroup 0 2014-05-14 09:48 /accumulo
> drwxr-xr-x - hdfs supergroup 0 2014-05-14 08:10 /jobtracker
> drwxrwxrwx - hdfs supergroup 0 2014-05-14 08:10 /tmp
> drwxr-xr-x - hdfs supergroup 0 2014-05-14 09:48 /user
> -bash-4.1$ hdfs dfs -ls /accumulo
> Found 3 items
> drwxr-xr-x - accumulo supergroup 0 2014-05-14 09:55
> /accumulo/instance_id
> drwxr-xr-x - accumulo supergroup 0 2014-05-14 09:55
> /accumulo/tables
> drwxr-xr-x - accumulo supergroup 0 2014-05-14 09:55
> /accumulo/version
> {noformat}
> I previously set up /accumulo as 755, under the understanding that clients
> need access to /accumulo/instance_id
> things to fix
> # make init chmod tables and wals to 700, as a defensive measure to avoid
> data leaks
> # maybe also make sure if the trash is enabled that our user directory is
> also not world readable
> # If clients don't need access to instance_id, include a check that the data
> dir is not world readable
> Workaround: manually change permissions after init

--
This message was sent by Atlassian JIRA (v6.3.15#6346)
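
An audit check in the spirit of the issue's "things to fix", added here as an example (it is not Accumulo code and not part of the original message): it parses `hdfs dfs -ls` output, including paths that mail wrapping pushed onto their own line, and reports protected directories that still grant any access to "other". The `/accumulo/wal` path and all function names are assumptions.

```python
import re

MODE_RE = re.compile(r"^[d-][rwxsStT-]{9}\+?$")  # optional '+' marks an ACL

# Listing taken from the issue text; paths wrapped onto their own line,
# as e-mail quoting does to long lines.
SAMPLE_LS = """\
Found 3 items
drwxr-xr-x - accumulo supergroup 0 2014-05-14 09:55
/accumulo/instance_id
drwxr-xr-x - accumulo supergroup 0 2014-05-14 09:55
/accumulo/tables
drwxr-xr-x - accumulo supergroup 0 2014-05-14 09:55
/accumulo/version
"""

# Directories the issue wants at 700. "/accumulo/wal" is an assumed path.
PROTECTED = ["/accumulo/tables", "/accumulo/wal"]

def parse_ls(text):
    """Return (mode, owner, group, path) for each entry in the listing."""
    joined = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/") and joined:
            joined[-1] += " " + line      # re-attach a wrapped path
        elif line:
            joined.append(line)
    entries = []
    for line in joined:
        fields = line.split(None, 7)      # the path may contain spaces
        if len(fields) == 8 and MODE_RE.match(fields[0]):
            entries.append((fields[0], fields[2], fields[3], fields[7]))
    return entries                        # "Found N items" is skipped

def other_access(mode):
    """True if the 'other' triplet grants read, write or execute."""
    r, w, x = mode[7], mode[8], mode[9]
    return r != "-" or w != "-" or x not in "-T"  # 'T': sticky, no execute

def world_accessible(text, protected=PROTECTED):
    """(path, mode) for entries at or under a protected path open to others."""
    hits = []
    for mode, _owner, _group, path in parse_ls(text):
        under = any(path == p or path.startswith(p.rstrip("/") + "/")
                    for p in protected)
        if under and other_access(mode):
            hits.append((path, mode[:10]))
    return hits

if __name__ == "__main__":
    for path, mode in world_accessible(SAMPLE_LS):
        print(f"world-accessible: {mode} {path}")
```
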