Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Resume] Improve ownership and permissions of files in OpenSearch/Dashboards deb and rpm packages #4043

Merged

Conversation

peterzhuamazon
Copy link
Member

@peterzhuamazon peterzhuamazon commented Sep 19, 2023

Description

[Resume] Improve ownership and permissions of files in OpenSearch/Dashboards deb and rpm packages
Originally commit by @smortex on #3898 #3952 #4038.

Issues Resolved

#3815 (comment)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@codecov
Copy link

codecov bot commented Sep 19, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.16%. Comparing base (78fd2fd) to head (37b2b68).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #4043   +/-   ##
=======================================
  Coverage   92.16%   92.16%           
=======================================
  Files         192      192           
  Lines        6282     6282           
=======================================
  Hits         5790     5790           
  Misses        492      492           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

smortex added a commit to smortex/opensearch-build that referenced this pull request Sep 20, 2023
In opensearch-project#4043, we will introduce changes that might impact users.  Add a note
at installation time to warn them about this future change and how to
proceed to not have trouble if they will be affected by the change.

Signed-off-by: Romain Tartière <romain@blogreen.org>
@peterzhuamazon
Copy link
Member Author

peterzhuamazon commented Feb 28, 2024

Thinking if we need to make some adjustment so that 1.x is not picking this change, but 2.x and higher will take this change.

cc: @smortex @bbarani

Thanks.

@peterzhuamazon peterzhuamazon linked an issue Mar 13, 2024 that may be closed by this pull request
@peterzhuamazon peterzhuamazon marked this pull request as ready for review March 13, 2024 21:11
@peterzhuamazon
Copy link
Member Author

peterzhuamazon commented Mar 13, 2024

Before:
drwxr-xr-x 9 opensearch opensearch 4096 Mar 13 21:22 opensearch/

After:
drwxr-x--- 9 opensearch opensearch 4096 Mar 13 21:23 opensearch/

@peterzhuamazon
Copy link
Member Author

Thinking if we need to make some adjustment so that 1.x is not picking this change, but 2.x and higher will take this change.

cc: @smortex @bbarani

Thanks.

I will setup the changes so that 1.x becomes legacy and new changes goes to current in another PR.

@peterzhuamazon
Copy link
Member Author

peterzhuamazon commented Mar 13, 2024

Start more testing:

PermissionError: [Errno 13] Permission denied: '/etc/opensearch/opensearch.yml'

shutil.Error: [('/usr/share/opensearch/logs/opensearchcluster1_index_indexing_slowlog.json', '/home/ubuntu/opensearch-build/test-results/51b0ac26b45942d8a81f982d373bf8ec/integ-test/geospatial/with-security/local-cluster-logs/id-0/opensearch-service-logs/opensearchcluster1_index_indexing_slowlog.json', "[Errno 13] Permission denied: '/usr/share/opensearch/logs/opensearchcluster1_index_indexing_slowlog.json'"), ('/usr/share/opensearch/logs/opensearchcluster1_deprecation.json', '/home/ubuntu/opensearch-build/test-results/51b0ac26b45942d8a81f982d373bf8ec/integ-test/geospatial/with-security/local-cluster-logs/id-0/opensearch-service-logs/opensearchcluster1_deprecation.json', "[Errno 13] Permission denied: '/usr/share/opensearch/logs/opensearchcluster1_deprecation.json'"), ('/usr/share/opensearch/logs/opensearchcluster1_task_detailslog.json', '/home/ubuntu/opensearch-build/test-results/51b0ac26b45942d8a81f982d373bf8ec/integ-test/geospatial/with-security/local-cluster-logs/id-0/opensearch-service-logs/opensearchcluster1_task_detailslog.json', "[Errno 13] Permission denied: '/usr/share/opensearch/logs/opensearchcluster1_task_detailslog.json'"), ('/usr/share/opensearch/logs/opensearchcluster1_index_search_slowlog.log', '/home/ubuntu/opensearch-build/test-results/51b0ac26b45942d8a81f982d373bf8ec/integ-test/geospatial/with-security/local-cluster-logs/id-0/opensearch-service-logs/opensearchcluster1_index_search_slowlog.log', "[Errno 13] Permission denied: '/usr/share/opensearch/logs/opensearchcluster1_index_search_slowlog.log'"), ('/usr/share/opensearch/logs/opensearchcluster1_server.json', '/home/ubuntu/opensearch-build/test-results/51b0ac26b45942d8a81f982d373bf8ec/integ-test/geospatial/with-security/local-cluster-logs/id-0/opensearch-service-logs/opensearchcluster1_server.json', "[Errno 13] Permission denied: '/usr/share/opensearch/logs/opensearchcluster1_server.json'"), ('/usr/share/opensearch/logs/opensearchcluster1_task_detailslog.log', '/home/ubuntu/opensearch-build/test-results/51b0ac26b45942d8a81f982d373bf8ec/integ-test/geospatial/with-security/local-cluster-logs/id-0/opensearch-service-logs/opensearchcluster1_task_detailslog.log', "[Errno 13] Permission denied: '/usr/share/opensearch/logs/opensearchcluster1_task_detailslog.log'"), ('/usr/share/opensearch/logs/opensearchcluster1_index_indexing_slowlog.log', '/home/ubuntu/opensearch-build/test-results/51b0ac26b45942d8a81f982d373bf8ec/integ-test/geospatial/with-security/local-cluster-logs/id-0/opensearch-service-logs/opensearchcluster1_index_indexing_slowlog.log', "[Errno 13] Permission denied: '/usr/share/opensearch/logs/opensearchcluster1_index_indexing_slowlog.log'"), ('/usr/share/opensearch/logs/opensearchcluster1.log', '/home/ubuntu/opensearch-build/test-results/51b0ac26b45942d8a81f982d373bf8ec/integ-test/geospatial/with-security/local-cluster-logs/id-0/opensearch-service-logs/opensearchcluster1.log', "[Errno 13] Permission denied: '/usr/share/opensearch/logs/opensearchcluster1.log'"), ('/usr/share/opensearch/logs/opensearchcluster1_deprecation.log', '/home/ubuntu/opensearch-build/test-results/51b0ac26b45942d8a81f982d373bf8ec/integ-test/geospatial/with-security/local-cluster-logs/id-0/opensearch-service-logs/opensearchcluster1_deprecation.log', "[Errno 13] Permission denied: '/usr/share/opensearch/logs/opensearchcluster1_deprecation.log'"), ('/usr/share/opensearch/logs/opensearchcluster1_index_search_slowlog.json', '/home/ubuntu/opensearch-build/test-results/51b0ac26b45942d8a81f982d373bf8ec/integ-test/geospatial/with-security/local-cluster-logs/id-0/opensearch-service-logs/opensearchcluster1_index_search_slowlog.json', "[Errno 13] Permission denied: '/usr/share/opensearch/logs/opensearchcluster1_index_search_slowlog.json'")]

…pensearch-project#3898)

Signed-off-by: Romain Tartière <romain@blogreen.org>
Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
…opensearch-project#3952)

Signed-off-by: Romain Tartière <romain@blogreen.org>
Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
…t#4038)

Signed-off-by: Romain Tartière <romain@blogreen.org>
Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
@peterzhuamazon
Copy link
Member Author

peterzhuamazon commented Mar 14, 2024

Will send the changes of the integTest in another PR:

2024-03-14 20:39:36 INFO     | geospatial           | with-security        | PASS  |
2024-03-14 20:39:36 INFO     | geospatial           | without-security     | PASS  |

peterzhuamazon added a commit to peterzhuamazon/opensearch-build that referenced this pull request Mar 14, 2024
… integTest

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
peterzhuamazon added a commit to peterzhuamazon/opensearch-build that referenced this pull request Mar 14, 2024
… integTest

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
@peterzhuamazon peterzhuamazon merged commit 88dfb7f into opensearch-project:main Mar 15, 2024
12 checks passed
@peterzhuamazon peterzhuamazon deleted the deb-rpm-permissions-2 branch March 15, 2024 18:57
peterzhuamazon added a commit that referenced this pull request Mar 15, 2024
Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
Divyaasm pushed a commit to Divyaasm/opensearch-build that referenced this pull request Mar 21, 2024
…hboards deb and rpm packages (opensearch-project#4043)

Signed-off-by: Romain Tartière <romain@blogreen.org>
Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
Co-authored-by: Romain Tartière <romain@blogreen.org>
Divyaasm pushed a commit to Divyaasm/opensearch-build that referenced this pull request Mar 21, 2024
… integTest (opensearch-project#4534)

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
@roock
Copy link

roock commented Apr 25, 2024

Not sure this is the right place to add this, but please note that the ownership change isn't fully reflected when upgrading opensearch package. ownership for files are correctly set to root, but directory are still owned by opensearch.

Our system: Debian 12, installation via apt package.

Upgrade from 2.12:

$ ls -la
total 324
drwxr-xr-x  8 opensearch opensearch   4096 16. Apr 16:24 .
drwxr-xr-x 96 root       root         4096 28. Mär 13:46 ..
drwxr-xr-x  3 opensearch opensearch   4096 12. Apr 11:22 bin
lrwxrwxrwx  1 opensearch opensearch     19 14. Okt 2022  data -> /var/lib/opensearch
drwxr-xr-x  9 opensearch opensearch   4096 12. Apr 11:22 jdk
drwxr-xr-x  3 opensearch opensearch  12288 12. Apr 11:22 lib
lrwxrwxrwx  1 opensearch opensearch     19 14. Okt 2022  logs -> /var/log/opensearch
-rw-r--r--  1 root       root         8610 14. Okt 2022  manifest.yml
drwxr-xr-x 22 opensearch opensearch   4096 12. Apr 11:22 modules
-rw-r--r--  1 root       root       273938 14. Okt 2022  NOTICE.txt
drwxr-xr-x  5 opensearch opensearch   4096 28. Mär 13:46 performance-analyzer-rca
drwxr-xr-x 24 opensearch opensearch   4096 12. Apr 14:13 plugins
-rw-r--r--  1 root       root         3699 14. Okt 2022  README.md

New installation with 2.13

$ ls -al /usr/share/opensearch/
total 316
drwxr-xr-x  8 root root   4096 25. Apr 10:38 .
drwxr-xr-x 94 root root   4096 25. Apr 10:38 ..
drwxr-xr-x  3 root root   4096 25. Apr 10:38 bin
lrwxrwxrwx  1 root root     19 14. Okt 2022  data -> /var/lib/opensearch
drwxr-xr-x  9 root root   4096 25. Apr 10:38 jdk
drwxr-xr-x  3 root root   4096 25. Apr 10:38 lib
lrwxrwxrwx  1 root root     19 14. Okt 2022  logs -> /var/log/opensearch
-rw-r--r--  1 root root   8610 14. Okt 2022  manifest.yml
drwxr-xr-x 22 root root   4096 25. Apr 10:38 modules
-rw-r--r--  1 root root 273938 14. Okt 2022  NOTICE.txt
drwxr-xr-x  5 root root   4096 25. Apr 10:38 performance-analyzer-rca
drwxr-xr-x 23 root root   4096 25. Apr 10:38 plugins
-rw-r--r--  1 root root   3699 14. Okt 2022  README.md

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Development

Successfully merging this pull request may close these issues.

Defaut config permission too relaxed in deb and rpm packages
4 participants