Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
1.5.0, 1.5.1, 1.6.0
-
None
-
None
Description
Just did an init on a new 1.6.1-SNAP cluster, and noticed the following permissions:
dfs -ls / Found 4 items drwxr-xr-x - accumulo supergroup 0 2014-05-14 09:48 /accumulo drwxr-xr-x - hdfs supergroup 0 2014-05-14 08:10 /jobtracker drwxrwxrwx - hdfs supergroup 0 2014-05-14 08:10 /tmp drwxr-xr-x - hdfs supergroup 0 2014-05-14 09:48 /user -bash-4.1$ hdfs dfs -ls /accumulo Found 3 items drwxr-xr-x - accumulo supergroup 0 2014-05-14 09:55 /accumulo/instance_id drwxr-xr-x - accumulo supergroup 0 2014-05-14 09:55 /accumulo/tables drwxr-xr-x - accumulo supergroup 0 2014-05-14 09:55 /accumulo/version
I previously set up /accumulo as 755, under the understanding that clients need access to /accumulo/instance_id
things to fix
- make init chmod tables and wals to 700, as a defensive measure to avoid data leaks
- maybe also make sure if the trash is enabled that our user directory is also not world readable
- If clients don't need access to instance_id, include a check that the data dir is not world readable
Workaround: manually change permissions after init
Attachments
Issue Links
- relates to
-
ACCUMULO-2076 Make it easier to connect to acccumulo
-
- Resolved
-
- links to
