Hi Sebastian, I'm not aware of any reasoning behind this choice (happy to be corrected), but I think it wouldn't hurt to have better default permissions.
Feel free to open a JIRA ticket to suggest this change on https://issues.apache.org/jira/projects/CASSANDRA/summary Em ter., 22 de mar. de 2022 às 08:10, Sebastian Schulze <mail...@bascht.com> escreveu: > Hi all! > > After doing some maintenance work on one of our Cassandra notes, I noticed > that the default permissions for /var/lib/cassandra and everything below > seem to be "world readable", e.g. "drwxr-xr-x 6 cassandra cassandra". > > This might depend on the distribution / package used, but I can at least > confirm this for the official Cassandra Debian packages as well as the > Docker containers. Out of curiosity I compared it to Postgres and MySQL to > see which defaults they would opt for and they are > > drwxr-x--- 2 mysql mysql 4.0K Mar 22 10:00 mysql > > and respectively > > drwx------ 19 postgres postgres 4.0K Mar 22 10:01 data > > which is way more appropriate in my option. (See [0] for the Gist and the > script to test it) > > Does anyone know the reasoning for leaving the directories world readable? > In our own setup we now locked it down to the Cassandra user and group and > haven't had any problems with it so far. > > Best, > Bascht > > [0] https://gist.github.com/bascht/31fa749d4121b9898902d5d557a01f82 >
