Skip to content

Commit 63691d4

Browse files
siegfriedwebersiegfriedweber
committed
fix(opensearch): Fix insecure file permissions
1 parent a0cb5da commit 63691d4

File tree

2 files changed

+14
-2
lines changed

2 files changed

+14
-2
lines changed

CHANGELOG.md

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,10 @@ All notable changes to this project will be documented in this file.
5050
- hbase: replace `sed` calls with `config-utils template` where possible ([#1301]).
5151
- superset: Fix the 4.1.2 build when building from source ([#1309])
5252

53+
### Fixed
54+
55+
- opensearch: Fix insecure file permissions ([#1311]).
56+
5357
### Removed
5458

5559
- opensearch: Stop applying formatting plugin ([#1230]).
@@ -84,8 +88,8 @@ All notable changes to this project will be documented in this file.
8488
[#1277]: https://github.com/stackabletech/docker-images/pull/1277
8589
[#1278]: https://github.com/stackabletech/docker-images/pull/1278
8690
[#1279]: https://github.com/stackabletech/docker-images/pull/1279
87-
[#1283]: https://github.com/stackabletech/docker-images/pull/1283
8891
[#1280]: https://github.com/stackabletech/docker-images/pull/1280
92+
[#1283]: https://github.com/stackabletech/docker-images/pull/1283
8993
[#1284]: https://github.com/stackabletech/docker-images/pull/1284
9094
[#1285]: https://github.com/stackabletech/docker-images/pull/1285
9195
[#1286]: https://github.com/stackabletech/docker-images/pull/1286
@@ -99,8 +103,9 @@ All notable changes to this project will be documented in this file.
99103
[#1300]: https://github.com/stackabletech/docker-images/pull/1300
100104
[#1301]: https://github.com/stackabletech/docker-images/pull/1301
101105
[#1304]: https://github.com/stackabletech/docker-images/pull/1304
102-
[#1309]: https://github.com/stackabletech/docker-images/pull/1309
103106
[#1308]: https://github.com/stackabletech/docker-images/pull/1308
107+
[#1309]: https://github.com/stackabletech/docker-images/pull/1309
108+
[#1311]: https://github.com/stackabletech/docker-images/pull/1311
104109

105110
## [25.7.0] - 2025-07-23
106111

opensearch/Dockerfile

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -81,6 +81,13 @@ rm -r jdk
8181
# see https://github.com/stackabletech/docker-images/issues/961
8282
chmod +x /stackable/opensearch-${PRODUCT_VERSION}/opensearch-docker-entrypoint.sh
8383
chmod -R g=u /stackable
84+
85+
# The OpenSearch Security Plugin expects specific permissions in the config directory, otherwise
86+
# warnings are shown at startup.
87+
# see https://github.com/opensearch-project/security/blob/3.1.0.0/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java#L547-L590
88+
find /stackable/opensearch-${PRODUCT_VERSION}/config -type d -exec chmod 770 {} \;
89+
find /stackable/opensearch-${PRODUCT_VERSION}/config -type f -exec chmod 660 {} \;
90+
8491
EOF
8592

8693
# The OpenSearch Performance Analyzer needs a JDK, not just a JRE.

0 commit comments

Comments
 (0)