Fix opensearch-dashboard user's permission to allow reading the service configuration files #4038
Conversation
smortex
requested review from
dblock,
peterzhuamazon,
bbarani,
gaiksaya,
rishabh6788,
zelinh,
jordarlu,
prudhvigodithi,
Divyaasm and
tianleh
as code owners
|
@peterzhuamazon I saw this trying RC .deb packages (first RC I try). It looks like it slept-through when I was working on #3952… I think it needs special labeling so that it is included in the 2.10.0 release. Thank you! |
Codecov Report
@@ Coverage Diff @@
## main #4038 +/- ##
=======================================
Coverage 92.10% 92.10%
=======================================
Files 187 187
Lines 5674 5674
=======================================
Hits 5226 5226
Misses 448 448 |
In opensearch-project#3952, the permissions where changed to fix some inconsistencies in the .deb and .rpm packaging. This change restricted access to the configuration files (which where previously readable by all users) but failed to adjust the files ownership so that the service can access these files. Ensure the configuration directory and files belong to the root user and the opensearch-dashboards group Signed-off-by: Romain Tartière <[email protected]>
smortex
force-pushed
the
allow-opensearch-dashboard-user-to-read-config
branch
from
78e8e00
to
b866ee5
Compare
|
Hi @smortex , We do see OpenSearch rpm/deb test failed to start cluster as well. Do you need to do the same fix on OpenSearch? Thanks. |
peterzhuamazon
added
bug
|
@peterzhuamazon the OpenSearch package is fine according to my testing, it already had some config that changed the owner and we kept it unchanged (just changed the permissions) |
Thanks @smortex I think it might be a plugin that caused some hiccups in test. I will go ahead and merge this. Thanks. |
smortex
changed the title
…h-project#4038)" This reverts commit c988f82.
…t#4038) Signed-off-by: Romain Tartière <[email protected]>
…t#4038) Signed-off-by: Romain Tartière <[email protected]> Signed-off-by: Peter Zhu <[email protected]>
…t#4038) Signed-off-by: Romain Tartière <[email protected]> Signed-off-by: Peter Zhu <[email protected]>
In #3952, the permissions where changed to fix some inconsistencies in
the .deb and .rpm packaging.
This change restricted access to the configuration files (which where
previously readable by all users) but failed to adjust the files
ownership so that the service can access these files.
Ensure the configuration directory and files belong to the root user and
the opensearch-dashboards group
Signed-off-by: Romain Tartière [email protected]