Bigtop
  1. Bigtop
  2. BIGTOP-857

Inconsistent group ownership of /var/run/hadoop-hdfs between .deb and .rpm installs

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.6.0
    • Component/s: None
    • Labels:
      None

      Description

      Several /var/

      {run,lib,log}

      /hadoop-* directories have 755 permissions on Debian but 775 permission on Red Hat. Probably innocuous, but inconsistent.

      1. BIGTOP-857.patch
        1 kB
        Sean Mackrory

        Activity

        Hide
        Aaron T. Myers added a comment -

        Actually I think the permissions matter quite a bit, at least on /var/run/hadoop-hdfs. I believe that needs to be 755.

        What shouldn't matter is the ownership of those dirs once all of the permissions are 755.

        Show
        Aaron T. Myers added a comment - Actually I think the permissions matter quite a bit, at least on /var/run/hadoop-hdfs. I believe that needs to be 755. What shouldn't matter is the ownership of those dirs once all of the permissions are 755.
        Hide
        Mark Grover added a comment -

        Thanks Sean. +1 (non-committer).

        Show
        Mark Grover added a comment - Thanks Sean. +1 (non-committer).
        Hide
        Sean Mackrory added a comment -

        >> I believe that needs to be 755.

        This patch changes the permissions from 775 to 755. Would 775 really cause a problem? I'd be curious to know how, since the permissions were just barely more permissive before.

        Show
        Sean Mackrory added a comment - >> I believe that needs to be 755. This patch changes the permissions from 775 to 755. Would 775 really cause a problem? I'd be curious to know how, since the permissions were just barely more permissive before.
        Hide
        Aaron T. Myers added a comment -

        By default I believe BigTop configures the Unix domain socket for HDFS short circuit reads under /var/run/hadoop-hdfs. When a DN starts up with short circuit read enabled, one of the things it does is verify the security of the local file system path where the domain socket will be created. The DN will error out if any component along that path is group-writable unless the group ownership is 'root'. I believe the group ownership of /var/run/hadoop-hdfs is either 'hadoop' or 'hdfs' in BigTop, and thus this directory must not be group-writable in order for short circuit local read to work properly.

        Show
        Aaron T. Myers added a comment - By default I believe BigTop configures the Unix domain socket for HDFS short circuit reads under /var/run/hadoop-hdfs. When a DN starts up with short circuit read enabled, one of the things it does is verify the security of the local file system path where the domain socket will be created. The DN will error out if any component along that path is group-writable unless the group ownership is 'root'. I believe the group ownership of /var/run/hadoop-hdfs is either 'hadoop' or 'hdfs' in BigTop, and thus this directory must not be group-writable in order for short circuit local read to work properly.
        Hide
        Roman Shaposhnik added a comment -

        +1 and committed. Same comment as before – please provide git'ified patches.

        Show
        Roman Shaposhnik added a comment - +1 and committed. Same comment as before – please provide git'ified patches.

          People

          • Assignee:
            Sean Mackrory
            Reporter:
            Sean Mackrory
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development