[AMBARI-21970] Enable sticky bit for curl_krb_cache - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.5.0
Fix Version/s: None
Component/s: ambari-server
Labels:
None

Description

In secure environment, we see that "/var/lib/ambari-agent/tmp" has sticky bit enabled. Trying to enable such permissions ( sticky bit or any other permissions ) for "curl_krb_request.py" is being over written after few seconds.
It is observed that the chmod permissions set in "curl_krb_request.py" enforces periodic 0777 as shown in below snippet.

curl_krb_cache_path = os.path.join(tmp_dir, "curl_krb_cache")
  if not os.path.exists(curl_krb_cache_path):
    os.makedirs(curl_krb_cache_path)
  os.chmod(curl_krb_cache_path, 0777)

Ref: https://github.com/apache/ambari/blob/trunk/ambari-common/src/main/python/resource_management/libraries/functions/curl_krb_request.py

Hence, code changes need to be done for setting the sticky bit to prevent access from users who did not create the specific file.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-21970.patch
19/Sep/17 13:07
0.9 kB
Eugene Chekanskiy

Activity

People

Assignee:: Eugene Chekanskiy

Reporter:: Krishnama Raju K

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 15/Sep/17 21:39

Updated:: 20/Sep/17 14:30

Resolved:: 20/Sep/17 13:28