[BUG] Security plugin warns of incorrect file permissions on certs & config files at startup #1465

Closed
jcgraybill opened this issue Oct 11, 2021 · 1 comment
Labels
bug Something isn't working triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

@jcgraybill

Describe the bug
On startup, from a fresh OpenSearch installation of the .tgz distribution, the security plugin warns of incorrect directory and file permissions:

[2021-10-11T21:50:15,495][WARN ][o.o.s.OpenSearchSecurityPlugin] Directory /home/ec2-user/opensearch-1.1.0/config has insecure file permissions (should be 0700)
[2021-10-11T21:50:15,495][WARN ][o.o.s.OpenSearchSecurityPlugin] File /home/ec2-user/opensearch-1.1.0/config/kirk.pem has insecure file permissions (should be 0600)
[2021-10-11T21:50:15,496][WARN ][o.o.s.OpenSearchSecurityPlugin] File /home/ec2-user/opensearch-1.1.0/config/esnode.pem has insecure file permissions (should be 0600)
[2021-10-11T21:50:15,497][WARN ][o.o.s.OpenSearchSecurityPlugin] File /home/ec2-user/opensearch-1.1.0/config/root-ca.pem has insecure file permissions (should be 0600)
[2021-10-11T21:50:15,498][WARN ][o.o.s.OpenSearchSecurityPlugin] File /home/ec2-user/opensearch-1.1.0/config/esnode-key.pem has insecure file permissions (should be 0600)
[2021-10-11T21:50:15,499][WARN ][o.o.s.OpenSearchSecurityPlugin] File /home/ec2-user/opensearch-1.1.0/config/kirk-key.pem has insecure file permissions (should be 0600)

These are the permissions on the files in question after running opensearch-tar-install.sh:

[ec2-user@ opensearch-1.1.0]$ ls -l
total 252
drwxr-xr-x  2 ec2-user ec2-user    263 Oct  4 21:46 bin
drwxr-xr-x  5 ec2-user ec2-user    279 Oct 11 21:50 config
drwxrwxr-x  3 ec2-user ec2-user    146 Oct 11 21:50 data
drwxr-xr-x  9 ec2-user ec2-user    107 Oct  4 21:32 jdk
drwxr-xr-x  3 ec2-user ec2-user   4096 Oct  4 21:32 lib
-rw-r--r--  1 ec2-user ec2-user  11358 Oct  4 21:26 LICENSE.txt
drwxr-xr-x  2 ec2-user ec2-user    336 Oct 11 21:50 logs
-rw-r--r--  1 ec2-user ec2-user   3690 Oct  4 21:46 manifest.yml
drwxr-xr-x 19 ec2-user ec2-user   4096 Oct  4 21:33 modules
-rw-r--r--  1 ec2-user ec2-user 215355 Oct  4 21:32 NOTICE.txt
-rwxrwxr-x  1 ec2-user ec2-user   3092 Oct  4 21:25 opensearch-tar-install.sh
drwxr-xr-x  6 ec2-user ec2-user     59 Oct  4 21:46 performance-analyzer-rca
drwxr-xr-x 14 ec2-user ec2-user   4096 Oct  4 21:46 plugins
-rw-r--r--  1 ec2-user ec2-user   1761 Oct  4 21:26 README.md
-rwxrwxr-x  1 ec2-user ec2-user    390 Oct 11 21:50 securityadmin_demo.sh
[ec2-user@ opensearch-1.1.0]$ ls -l config
total 48
-rw-rw-r-- 1 ec2-user ec2-user  1704 Oct 11 21:50 esnode-key.pem
-rw-rw-r-- 1 ec2-user ec2-user  1720 Oct 11 21:50 esnode.pem
-rw-rw---- 1 ec2-user ec2-user  2518 Oct 11 21:50 jvm.options
drwxr-x--- 2 ec2-user ec2-user     6 Oct  4 21:29 jvm.options.d
-rw-rw-r-- 1 ec2-user ec2-user  1704 Oct 11 21:50 kirk-key.pem
-rw-rw-r-- 1 ec2-user ec2-user  1610 Oct 11 21:50 kirk.pem
-rw-rw---- 1 ec2-user ec2-user 11646 Oct  4 21:31 log4j2.properties
-rw-rw---- 1 ec2-user ec2-user   196 Oct 11 21:50 opensearch.keystore
drwxr-x--- 2 ec2-user ec2-user    27 Oct  4 21:46 opensearch-notebooks
drwxr-x--- 2 ec2-user ec2-user    35 Oct  4 21:46 opensearch-reports-scheduler
-rw-rw---- 1 ec2-user ec2-user  4366 Oct 11 21:50 opensearch.yml
-rw-rw-r-- 1 ec2-user ec2-user  1444 Oct 11 21:50 root-ca.pem

To Reproduce

curl https://artifacts.opensearch.org/releases/bundle/opensearch/1.1.0/opensearch-1.1.0-linux-x64.tar.gz | tar -xz
./opensearch-1.1.0/opensearch-tar-install.sh

Expected behavior
Pls work with build repo & modify securityadmin_demo.sh to have all these files & directories have the desired permissions at launch, with no user action required.

Host/Environment (please complete the following information):

  • OS: AL2 on EC2
  • Version: OpenSearch 1.1
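
The check implied by the warnings above, as an added example that is not part of the original issue or of the OpenSearch project's code: it compares the config directory against 0700 and each `*.pem` directly inside it against 0600, and tightens them when called with `--fix`. The function name `audit_config_perms` is hypothetical, GNU `stat -c` is assumed, and only the paths named in the log are covered.

```shell
#!/usr/bin/env bash
# Added example: audit (and optionally tighten) the modes that the startup
# warnings ask for: 0700 on the config directory, 0600 on each *.pem file.
# Assumes GNU stat (stat -c), as found on Amazon Linux 2.

# audit_config_perms DIR [--fix]   (hypothetical helper name)
# Prints one line per path whose mode differs from the expected one.
# Returns 0 when every checked path matches (or was fixed), 1 otherwise.
audit_config_perms() {
    local dir="$1" fix="${2:-}" bad=0 path want have

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # The directory itself first, then each PEM file directly inside it.
    for path in "$dir" "$dir"/*.pem; do
        [ -e "$path" ] || continue      # glob matched nothing
        # chmod on a symlink would change its target, so report and skip.
        [ -L "$path" ] && { echo "SKIP symlink $path"; continue; }
        if [ -d "$path" ]; then want=700; else want=600; fi
        have=$(stat -c '%a' "$path")
        [ "$have" = "$want" ] && continue
        if [ "$fix" = "--fix" ]; then
            if chmod "$want" "$path"; then
                echo "FIXED $path $have -> $want"
            else
                bad=1
            fi
        else
            echo "INSECURE $path mode $have (should be 0$want)"
            bad=1
        fi
    done
    return "$bad"
}
```

Run it as the user that owns the installation, for example `audit_config_perms ./opensearch-1.1.0/config` to report and the same call with `--fix` to correct the modes before the next start.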
@jcgraybill jcgraybill added bug Something isn't working Beta untriaged Require the attention of the repository maintainers and may need to be prioritized labels Oct 11, 2021
@davidlago davidlago removed Beta untriaged Require the attention of the repository maintainers and may need to be prioritized labels Nov 3, 2021
@davidlago davidlago added the triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. label Oct 10, 2022
@davidlago

This has been resolved via #2550 and others. Closing.
