You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
On startup, from a fresh OpenSearch installation of the .tgz distribution, the security plugin warns of incorrect directory and file permissions:
[2021-10-11T21:50:15,495][WARN ][o.o.s.OpenSearchSecurityPlugin] Directory /home/ec2-user/opensearch-1.1.0/config has insecure file permissions (should be 0700)
[2021-10-11T21:50:15,495][WARN ][o.o.s.OpenSearchSecurityPlugin] File /home/ec2-user/opensearch-1.1.0/config/kirk.pem has insecure file permissions (should be 0600)
[2021-10-11T21:50:15,496][WARN ][o.o.s.OpenSearchSecurityPlugin] File /home/ec2-user/opensearch-1.1.0/config/esnode.pem has insecure file permissions (should be 0600)
[2021-10-11T21:50:15,497][WARN ][o.o.s.OpenSearchSecurityPlugin] File /home/ec2-user/opensearch-1.1.0/config/root-ca.pem has insecure file permissions (should be 0600)
[2021-10-11T21:50:15,498][WARN ][o.o.s.OpenSearchSecurityPlugin] File /home/ec2-user/opensearch-1.1.0/config/esnode-key.pem has insecure file permissions (should be 0600)
[2021-10-11T21:50:15,499][WARN ][o.o.s.OpenSearchSecurityPlugin] File /home/ec2-user/opensearch-1.1.0/config/kirk-key.pem has insecure file permissions (should be 0600)
These are the permissions on the files in question after running opensearch-tar-install.sh:
[ec2-user@ opensearch-1.1.0]$ ls -l
total 252
drwxr-xr-x 2 ec2-user ec2-user 263 Oct 4 21:46 bin
drwxr-xr-x 5 ec2-user ec2-user 279 Oct 11 21:50 config
drwxrwxr-x 3 ec2-user ec2-user 146 Oct 11 21:50 data
drwxr-xr-x 9 ec2-user ec2-user 107 Oct 4 21:32 jdk
drwxr-xr-x 3 ec2-user ec2-user 4096 Oct 4 21:32 lib
-rw-r--r-- 1 ec2-user ec2-user 11358 Oct 4 21:26 LICENSE.txt
drwxr-xr-x 2 ec2-user ec2-user 336 Oct 11 21:50 logs
-rw-r--r-- 1 ec2-user ec2-user 3690 Oct 4 21:46 manifest.yml
drwxr-xr-x 19 ec2-user ec2-user 4096 Oct 4 21:33 modules
-rw-r--r-- 1 ec2-user ec2-user 215355 Oct 4 21:32 NOTICE.txt
-rwxrwxr-x 1 ec2-user ec2-user 3092 Oct 4 21:25 opensearch-tar-install.sh
drwxr-xr-x 6 ec2-user ec2-user 59 Oct 4 21:46 performance-analyzer-rca
drwxr-xr-x 14 ec2-user ec2-user 4096 Oct 4 21:46 plugins
-rw-r--r-- 1 ec2-user ec2-user 1761 Oct 4 21:26 README.md
-rwxrwxr-x 1 ec2-user ec2-user 390 Oct 11 21:50 securityadmin_demo.sh
[ec2-user@ opensearch-1.1.0]$ ls -l config
total 48
-rw-rw-r-- 1 ec2-user ec2-user 1704 Oct 11 21:50 esnode-key.pem
-rw-rw-r-- 1 ec2-user ec2-user 1720 Oct 11 21:50 esnode.pem
-rw-rw---- 1 ec2-user ec2-user 2518 Oct 11 21:50 jvm.options
drwxr-x--- 2 ec2-user ec2-user 6 Oct 4 21:29 jvm.options.d
-rw-rw-r-- 1 ec2-user ec2-user 1704 Oct 11 21:50 kirk-key.pem
-rw-rw-r-- 1 ec2-user ec2-user 1610 Oct 11 21:50 kirk.pem
-rw-rw---- 1 ec2-user ec2-user 11646 Oct 4 21:31 log4j2.properties
-rw-rw---- 1 ec2-user ec2-user 196 Oct 11 21:50 opensearch.keystore
drwxr-x--- 2 ec2-user ec2-user 27 Oct 4 21:46 opensearch-notebooks
drwxr-x--- 2 ec2-user ec2-user 35 Oct 4 21:46 opensearch-reports-scheduler
-rw-rw---- 1 ec2-user ec2-user 4366 Oct 11 21:50 opensearch.yml
-rw-rw-r-- 1 ec2-user ec2-user 1444 Oct 11 21:50 root-ca.pem
To Reproduce
curl https://artifacts.opensearch.org/releases/bundle/opensearch/1.1.0/opensearch-1.1.0-linux-x64.tar.gz | tar -xz
./opensearch-1.1.0/opensearch-tar-install.sh
Expected behavior
Pls work with build repo & modify securityadmin_demo.sh to have all these files & directories have the desired permissions at launch, with no user action required.
Host/Environment (please complete the following information):
OS: AL2 on EC2
Version: OpenSearch 1.1
The text was updated successfully, but these errors were encountered:
Describe the bug
On startup, from a fresh OpenSearch installation of the .tgz distribution, the security plugin warns of incorrect directory and file permissions:
These are the permissions on the files in question after running
opensearch-tar-install.sh
:To Reproduce
Expected behavior
Pls work with build repo & modify securityadmin_demo.sh to have all these files & directories have the desired permissions at launch, with no user action required.
Host/Environment (please complete the following information):
The text was updated successfully, but these errors were encountered: