[HBASE-13780] Default to 700 for HDFS root dir permissions for secure deployments - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.98.13, 1.0.2, 1.2.0, 1.1.1, 2.0.0
Component/s: Operability, security
Labels:
None

Hadoop Flags:

Reviewed

Description

Secure mode deployments should protect the files under HDFS root dir. We should check and set the root dirs permissions on a kerberos setup so that users does not have to.

We have hbase.data.umask.enable and hbase.data.umask for data files, but those are not that useful since we should protect dir listing, and access to WAL files, snapshot files, etc.

See ~~HBASE-13768~~ which has an integration test for this.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HBASE-13780-0.98.patch
27/May/15 20:31
10 kB
Andrew Kyle Purtell
hbase-13780_v1.patch
27/May/15 02:50
9 kB
Enis Soztutar

Activity

People

Assignee:: Enis Soztutar

Reporter:: Enis Soztutar

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 26/May/15 21:41

Updated:: 18/Dec/15 05:11

Resolved:: 27/May/15 20:38