ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jiayi Liu (Jira)" <j...@apache.org>
Subject [jira] [Updated] (RANGER-2671) Running the setup.sh in usersync a second time will change the permissions and owner of hadoop core-site.xml
Date Mon, 06 Jan 2020 10:22:00 GMT

     [ https://issues.apache.org/jira/browse/RANGER-2671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jiayi Liu updated RANGER-2671:
------------------------------
    Attachment: 0001-RANGER-2667.patch

> Running the setup.sh in usersync a second time will change the permissions and owner
of hadoop core-site.xml
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-2671
>                 URL: https://issues.apache.org/jira/browse/RANGER-2671
>             Project: Ranger
>          Issue Type: Bug
>          Components: usersync
>    Affects Versions: 2.0.0, 1.2.0
>            Reporter: Jiayi Liu
>            Priority: Major
>         Attachments: 0001-RANGER-2667.patch
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> If we run setup.sh in usersync a second time, the setup.py in usersync folder will change
the permissions to 0750 and owner to ranger:ranger of hadoop core-site.xml. This will affect
other software that needs to read core-site.xml, for example, hiveserver2 will fail to start
because it does not have permission to read core-site.xml. Ranger should never change the
permission or ownership of core-site.xml in hadoop conf dir. 
> The reason why the permissions and owner of core-site.xml are modified is because the
following code in unixauthservice/scripts/setup.py
> {code:python}
> for dir in fixPermList:
>     for root, dirs, files in os.walk(dir):
>         os.chown(root, ownerId, groupId)
>         os.chmod(root, 0755)
>         for obj in dirs:
>             dn = join(root, obj)
>             os.chown(dn, ownerId, groupId)
>             os.chmod(dn, 0755)
>         for obj in files:
>             fn = join(root, obj)
>             os.chown(fn, ownerId, groupId)
>             os.chmod(fn, 0750)
> {code}
> If we run setup.sh in usersync a second time, there will be a soft link of core-site.xml
in /etc/ranger/usersync/conf. In the for loop, it will traverse to /etc/ranger/usersync/conf/core-site.xml,
and use os.chown and os.chmod to change the permisson and ownership. We should unlink the
soft link of core-site.xml before this for loop. 
> pr: https://github.com/apache/ranger/pull/46



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message