  1. Ambari
  2. AMBARI-21666

/etc/hadoop/*/ssl-client.xml set chmod 600 instead of 640 results in permission denied in Yarn RM log


Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.5.0
    • Fix Version/s: None
    • Component/s: ambari-agent, ambari-server
    • Labels: None
    • Environment: HDP 2.6.0.3 on SLES 12.1

    Description

      Ambari seems to have deployed /etc/hadoop/2.6.0.3/0/ssl-client.xml and ssl-server.xml with permissions 600 hdfs:hadoop, resulting in Yarn RM getting permission denied in its logs.

      This should be set to 640 to allow the yarn process to use the hadoop group to read the files, or because it contains jks passwords use a new group containing only yarn (since yarn is only in the hadoop group), or set an extended ACL to permit just the yarn user read permissions.
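
The three options in the description differ in which other accounts gain read access to the keystore passwords. The following is an added example, not part of the issue or of Ambari's code, that models the POSIX read check for each option; the account list and the group name `yarnssl` are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed accounts (assumption): user -> groups. Per the issue, yarn is only in hadoop.
ACCOUNTS = {
    "hdfs": {"hdfs", "hadoop"},
    "yarn": {"hadoop"},
    "mapred": {"hadoop"},
    "hive": {"hadoop"},
    "alice": {"users"},
}

@dataclass(frozen=True)
class FilePerm:
    owner: str
    group: str
    mode: int                                # owner / owning-group / other entries
    acl_read_users: frozenset = frozenset()  # named-user ACL entries granting r--

def can_read(user, groups, f):
    """POSIX read check: the first matching class decides, with no fall-through."""
    if user == f.owner:
        return bool(f.mode & 0o400)
    if user in f.acl_read_users:
        return True  # assumes the ACL mask allows read
    if f.group in groups:
        return bool(f.mode & 0o040)
    return bool(f.mode & 0o004)

def readers(f, accounts=ACCOUNTS):
    """Return the sorted list of accounts that can read the file."""
    return sorted(u for u, g in accounts.items() if can_read(u, g, f))

def compare_options():
    # Option 2 needs yarn added to a dedicated group; "yarnssl" is a hypothetical name.
    with_new_group = {**ACCOUNTS, "yarn": ACCOUNTS["yarn"] | {"yarnssl"}}
    return {
        "as deployed: 600 hdfs:hadoop": readers(FilePerm("hdfs", "hadoop", 0o600)),
        "640 hdfs:hadoop": readers(FilePerm("hdfs", "hadoop", 0o640)),
        "640 hdfs:yarnssl": readers(FilePerm("hdfs", "yarnssl", 0o640), with_new_group),
        "600 + ACL user:yarn:r--": readers(
            FilePerm("hdfs", "hadoop", 0o600, frozenset({"yarn"}))),
    }

if __name__ == "__main__":
    for option, who in compare_options().items():
        print(f"{option:30} -> {', '.join(who)}")
```

With these sample accounts, 640 on hdfs:hadoop lets every member of the hadoop group read the file, while the dedicated group and the ACL both limit readers to hdfs and yarn.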

          People

            Assignee: Unassigned
            Reporter: Hari Sekhon (harisekhon)