Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-23083

Missing permission for 'others' when Ambari is configured with two way SSL and https enabled

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Cannot Reproduce
    • 2.6.2
    • 2.7.1
    • ambari-server

    Description

      1. Deploy Ambari-2.6.2.0 server on machine A
      2. Manually install and register agents on other machines (including machine A)
      3. Enable 2 way SSL between server and agents
      4. Enable https at Ambari server
      5. Deploy a cluster via blueprints with HDP-2.6.5.0

      After cluster is deployed, observed that the permission of files such as hadoop-env.sh is 'rw-r----'
      Complete output:

      [root@ctr-e138-1518143905142-36503-01-000002 logs]# ls -lhrt /etc/hadoop/conf/
total 176K
-rw-r--r-- 1 cstm-hdfs hadoop 8.9K Feb 22 09:30 core-site.xml
-rw-r----- 1 cstm-hdfs hadoop 333 Feb 22 09:35 hdfs_dn_jaas.conf
-rw-r----- 1 cstm-hdfs hadoop 333 Feb 22 09:35 hdfs_nn_jaas.conf
-rw-r----- 1 cstm-hdfs hadoop 1.3K Feb 22 09:35 hadoop-policy.xml
-rw-r----- 1 cstm-hdfs hadoop 884 Feb 22 09:35 ssl-client.xml
drwxr-xr-x 2 root hadoop 4.0K Feb 22 09:35 secure
-rw-r----- 1 cstm-hdfs hadoop 1000 Feb 22 09:35 ssl-server.xml
-rw-r--r-- 1 cstm-hdfs hadoop 8.7K Feb 22 09:35 hdfs-site.xml
-rw-r--r-- 1 cstm-mr hadoop 7.5K Feb 22 09:37 mapred-site.xml
-rw-r--r-- 1 cstm-hdfs hadoop 2.3K Feb 22 09:37 capacity-scheduler.xml
-rw-r--r-- 1 root hadoop 1.1K Feb 22 09:37 container-executor.cfg
-rwxr-xr-x 1 root root 984 Feb 22 09:37 mapred-env.sh
-rw-r--r-- 1 root hadoop 947 Feb 22 09:37 taskcontroller.cfg
-rw-r----- 1 cstm-yarn hadoop 571 Feb 22 09:37 yarn_jaas.conf
-rw-r----- 1 cstm-yarn hadoop 337 Feb 22 09:37 yarn_ats_jaas.conf
-rw-r----- 1 cstm-yarn hadoop 333 Feb 22 09:37 yarn_nm_jaas.conf
-rw-r----- 1 cstm-mr hadoop 320 Feb 22 09:37 mapred_jaas.conf
-rw-r----- 1 root root 1020 Feb 22 09:48 commons-logging.properties
-rw-r----- 1 root root 1.6K Feb 22 09:48 health_check
-rw-r--r-- 1 cstm-hdfs hadoop 11K Feb 22 09:48 log4j.properties
-rwxr-xr-x 1 root root 4.2K Feb 22 09:48 task-log4j.properties
-rwxr-xr-x 1 root root 2.4K Feb 22 09:48 topology_script.py
-rw-r----- 1 root root 241 Feb 22 10:10 slaves
-rw-r----- 1 root hadoop 6.3K Feb 22 10:10 hadoop-env.sh
-rw-r--r-- 1 cstm-yarn hadoop 24K Feb 22 10:10 yarn-site.xml
-rwxr-xr-x 1 cstm-yarn hadoop 5.5K Feb 22 10:10 yarn-env.sh
-rw-r----- 1 cstm-hdfs hadoop 2.6K Feb 22 10:12 hadoop-metrics2.properties
-rw-r--r-- 1 cstm-hdfs hadoop 467 Feb 22 10:12 topology_mappings.data
-rw-r----- 1 cstm-hdfs hadoop 1 Feb 22 10:13 dfs.exclude

       

      When compared this with a non-SSL cluster the permission is 'rw-rr-' i.e. read permission is available for other users

      Attachments

        Activity

          People

            smolnar Sandor Molnar
            shavi71 Vivek Sharma
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: