Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-3096

dfs.datanode.data.dir.perm is set to 755 instead of 700

Log workAgile BoardRank to TopRank to BottomAttach filesAttach ScreenshotBulk Copy AttachmentsBulk Move AttachmentsAdd voteVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 0.23.0, 1.0.0
    • None
    • datanode
    • None

    Description

      dfs.datanode.data.dir.perm is used by the datanode to set the permissions of it data directories. This is set by default to 755 which gives read permissions to everyone to that directory, opening up possibility of reading the data blocks by anyone in a secure cluster. Admins can over-ride this config but its sub-optimal practice for the default to be weak. IMO, the default should be strong and the admins can relax it if necessary.
      The fix is to change default permissions to 700.

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            bikassaha Bikas Saha Assign to me
            bikassaha Bikas Saha
            Votes:
            1 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:

              Slack

                Issue deployment