Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 2.x] Remove spurious SGID bit on directories #10313

Merged
merged 1 commit into from
Oct 3, 2023
Merged

[Backport 2.x] Remove spurious SGID bit on directories #10313

merged 1 commit into from
Oct 3, 2023

Conversation

opensearch-trigger-bot[bot]
Copy link
Contributor

Backport 9d0db5e from #9447.

@github-actions
Remove spurious SGID (#9447)
8dfebdb 
Setting the SGID bit on directories is maybe something some users will
want to use, but setting it by default for all users does not really
make sense and when packaging OpenSearch, we need to remove this
customization when building packges.

This was added to ElasticSearch to make it possible to manage the
keystore as root while the service runs as an unprivileged user.
Without the SGID trick, the generated keystore was owned by root and
ElasticSearch could not access it.

It is preferable to manage the keystore with non-root privileges, and
this hack is not required in this case.  Stick to the default
permissions and remove this personalization.

Signed-off-by: Romain Tartière <romain@blogreen.org>
(cherry picked from commit 9d0db5e)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@dblock
Copy link
Member

dblock commented Oct 2, 2023
edited
Loading

@smortex any breaking side effects for 2.x users that would tell us not to backport?

@github-actions
Copy link
Contributor

github-actions bot commented Oct 2, 2023

Compatibility status:

Checks if related components are compatible with change 8dfebdb

Incompatible components

Skipped components

Compatible components

Compatible components: [https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/custom-codecs.git, https://github.com/opensearch-project/ml-commons.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/performance-analyzer.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/neural-search.git]

@github-actions
Copy link
Contributor

github-actions bot commented Oct 2, 2023

Gradle Check (Jenkins) Run Completed with:

@smortex
Copy link
Contributor

smortex commented Oct 2, 2023

@smortex any breaking side effects for 2.x users that would tell us not to backport?

I can't think of a "regular" setup where this can be an issue. While we can always imagine setup with complicated workflow that would require adjusting with this change, it feels safe to backport to me.

@reta reta merged commit b272689 into 2.x Oct 3, 2023
59 checks passed
@github-actions github-actions bot deleted the backport/backport-9447-to-2.x branch October 3, 2023 00:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smortex smortex smortex approved these changes

@reta reta reta approved these changes

@anasalkouz anasalkouz Awaiting requested review from anasalkouz anasalkouz is a code owner

@andrross andrross Awaiting requested review from andrross andrross is a code owner

@Bukhtawar Bukhtawar Awaiting requested review from Bukhtawar Bukhtawar is a code owner

@CEHENKLE CEHENKLE Awaiting requested review from CEHENKLE CEHENKLE is a code owner

@dblock dblock Awaiting requested review from dblock dblock is a code owner

@gbbafna gbbafna Awaiting requested review from gbbafna gbbafna is a code owner

@setiah setiah Awaiting requested review from setiah

@kartg kartg Awaiting requested review from kartg

@kotwanikunal kotwanikunal Awaiting requested review from kotwanikunal kotwanikunal is a code owner

@mch2 mch2 Awaiting requested review from mch2 mch2 is a code owner

@nknize nknize Awaiting requested review from nknize nknize is a code owner

@owaiskazi19 owaiskazi19 Awaiting requested review from owaiskazi19 owaiskazi19 is a code owner

@peternied peternied Awaiting requested review from peternied

@Rishikesh1159 Rishikesh1159 Awaiting requested review from Rishikesh1159 Rishikesh1159 is a code owner

@ryanbogan ryanbogan Awaiting requested review from ryanbogan

@saratvemulapalli saratvemulapalli Awaiting requested review from saratvemulapalli saratvemulapalli is a code owner

@shwetathareja shwetathareja Awaiting requested review from shwetathareja shwetathareja is a code owner

@dreamer-89 dreamer-89 Awaiting requested review from dreamer-89

@VachaShah VachaShah Awaiting requested review from VachaShah VachaShah is a code owner

@dbwiddis dbwiddis Awaiting requested review from dbwiddis dbwiddis is a code owner

@sachinpkale sachinpkale Awaiting requested review from sachinpkale sachinpkale is a code owner

@sohami sohami Awaiting requested review from sohami sohami is a code owner

@msfroh msfroh Awaiting requested review from msfroh msfroh is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dblock @smortex @reta