Skip to content

Fix insecure file permissions #46

New issue
New issue
Closed
Closed
Fix insecure file permissions#46
Assignees
siegfriedweber
@siegfriedweber

Description

@siegfriedweber
siegfriedweber
opened on Oct 17, 2025

Fix the following warnings at startup:

[2025-10-17T06:44:30,958][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] Directory /stackable/opensearch/config has insecure file permissions (should be 0700)
[2025-10-17T06:44:30,958][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/log4j2.properties has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,958][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] Directory /stackable/opensearch/config/opensearch-security has insecure file permissions (should be 0700)
[2025-10-17T06:44:30,958][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/nodes_dn.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,958][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/action_groups.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,958][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/roles.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,958][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/roles_mapping.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,958][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/allowlist.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,958][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/audit.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,958][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/tenants.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,958][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,959][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/config.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,959][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/..data has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,959][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] Directory /stackable/opensearch/config/opensearch-security/..2025_10_17_06_44_08.3391190610 has insecure file permissions (should be 0700)
[2025-10-17T06:44:30,959][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/..2025_10_17_06_44_08.3391190610/nodes_dn.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,959][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/..2025_10_17_06_44_08.3391190610/action_groups.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,959][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/..2025_10_17_06_44_08.3391190610/roles.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,959][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/..2025_10_17_06_44_08.3391190610/roles_mapping.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,959][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/..2025_10_17_06_44_08.3391190610/allowlist.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,959][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/..2025_10_17_06_44_08.3391190610/audit.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,959][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/..2025_10_17_06_44_08.3391190610/tenants.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,959][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/..2025_10_17_06_44_08.3391190610/internal_users.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,959][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch-security/..2025_10_17_06_44_08.3391190610/config.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,960][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/opensearch.yml has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,960][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] Directory /stackable/opensearch/config/repository-s3 has insecure file permissions (should be 0700)
[2025-10-17T06:44:30,960][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/repository-s3/log4j2.properties has insecure file permissions (should be 0600)
[2025-10-17T06:44:30,960][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] Directory /stackable/opensearch/config/telemetry-otel has insecure file permissions (should be 0700)
[2025-10-17T06:44:30,960][WARN ][o.o.s.OpenSearchSecurityPlugin] [opensearch-nodes-cluster-manager-0] File /stackable/opensearch/config/telemetry-otel/log4j2.properties has insecure file permissions (should be 0600)

The warnings concerning the symlinks to the security configuration files will be fixed (or avoided) in #43. They could already avoided now if every configuration file is mounted individually via subPath.

Part of #1

Tasks

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

Stackable Engineering

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions