Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
2.5.0
-
None
-
None
Description
In secure environment, we see that "/var/lib/ambari-agent/tmp" has sticky bit enabled. Trying to enable such permissions ( sticky bit or any other permissions ) for "curl_krb_request.py" is being over written after few seconds.
It is observed that the chmod permissions set in "curl_krb_request.py" enforces periodic 0777 as shown in below snippet.
curl_krb_cache_path = os.path.join(tmp_dir, "curl_krb_cache") if not os.path.exists(curl_krb_cache_path): os.makedirs(curl_krb_cache_path) os.chmod(curl_krb_cache_path, 0777)
Hence, code changes need to be done for setting the sticky bit to prevent access from users who did not create the specific file.