From dev-return-23803-apmail-ranger-dev-archive=ranger.apache.org@ranger.apache.org Mon Jan 6 11:03:02 2020 Return-Path: X-Original-To: apmail-ranger-dev-archive@www.apache.org Delivered-To: apmail-ranger-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by minotaur.apache.org (Postfix) with SMTP id A7C141960B for ; Mon, 6 Jan 2020 11:03:02 +0000 (UTC) Received: (qmail 49376 invoked by uid 500); 6 Jan 2020 11:03:02 -0000 Delivered-To: apmail-ranger-dev-archive@ranger.apache.org Received: (qmail 49320 invoked by uid 500); 6 Jan 2020 11:03:02 -0000 Mailing-List: contact dev-help@ranger.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ranger.apache.org Delivered-To: mailing list dev@ranger.apache.org Received: (qmail 49306 invoked by uid 99); 6 Jan 2020 11:03:01 -0000 Received: from mailrelay1-us-west.apache.org (HELO mailrelay1-us-west.apache.org) (209.188.14.139) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Jan 2020 11:03:01 +0000 Received: from jira-he-de.apache.org (static.172.67.40.188.clients.your-server.de [188.40.67.172]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id A2120E0319 for ; Mon, 6 Jan 2020 11:03:00 +0000 (UTC) Received: from jira-he-de.apache.org (localhost.localdomain [127.0.0.1]) by jira-he-de.apache.org (ASF Mail Server at jira-he-de.apache.org) with ESMTP id 21AC77803E8 for ; Mon, 6 Jan 2020 11:03:00 +0000 (UTC) Date: Mon, 6 Jan 2020 11:03:00 +0000 (UTC) From: "Jiayi Liu (Jira)" To: dev@ranger.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Comment Edited] (RANGER-2671) Running the setup.sh in usersync a second time will change the permissions and owner of hadoop core-site.xml MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/RANGER-2671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16995330#comment-16995330 ] Jiayi Liu edited comment on RANGER-2671 at 1/6/20 11:02 AM: ------------------------------------------------------------ Hi, [~rmani]. Thank you for your reply, I create a review request in https://reviews.apache.org/r/https://reviews.apache.org/r/71957, and set you as a reviewer. was (Author: liujiayi771): Hi, [~rmani]. Thank you for your reply, I create a review request in https://reviews.apache.org/r/https://reviews.apache.org/r/71957/, and set you as a reviewer. > Running the setup.sh in usersync a second time will change the permissions and owner of hadoop core-site.xml > ------------------------------------------------------------------------------------------------------------ > > Key: RANGER-2671 > URL: https://issues.apache.org/jira/browse/RANGER-2671 > Project: Ranger > Issue Type: Bug > Components: usersync > Affects Versions: 2.0.0, 1.2.0 > Reporter: Jiayi Liu > Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > If we run setup.sh in usersync a second time, the setup.py in usersync folder will change the permissions to 0750 and owner to ranger:ranger of hadoop core-site.xml. This will affect other software that needs to read core-site.xml, for example, hiveserver2 will fail to start because it does not have permission to read core-site.xml. Ranger should never change the permission or ownership of core-site.xml in hadoop conf dir. > The reason why the permissions and owner of core-site.xml are modified is because the following code in unixauthservice/scripts/setup.py > {code:python} > for dir in fixPermList: > for root, dirs, files in os.walk(dir): > os.chown(root, ownerId, groupId) > os.chmod(root, 0755) > for obj in dirs: > dn = join(root, obj) > os.chown(dn, ownerId, groupId) > os.chmod(dn, 0755) > for obj in files: > fn = join(root, obj) > os.chown(fn, ownerId, groupId) > os.chmod(fn, 0750) > {code} > If we run setup.sh in usersync a second time, there will be a soft link of core-site.xml in /etc/ranger/usersync/conf. In the for loop, it will traverse to /etc/ranger/usersync/conf/core-site.xml, and use os.chown and os.chmod to change the permisson and ownership. We should unlink the soft link of core-site.xml before this for loop. > pr: https://github.com/apache/ranger/pull/46 -- This message was sent by Atlassian Jira (v8.3.4#803005)