You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Jiayi Liu (Jira)" <ji...@apache.org> on 2019/12/13 03:44:00 UTC
[jira] [Comment Edited] (RANGER-2671) Running the setup.sh in
usersync a second time will change the permissions and owner of hadoop
core-site.xml
[ https://issues.apache.org/jira/browse/RANGER-2671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16995330#comment-16995330 ]
Jiayi Liu edited comment on RANGER-2671 at 12/13/19 3:43 AM:
-------------------------------------------------------------
Hi, [~rmani]. Thank you for your reply, I create a review request in https://reviews.apache.org/r/71910/, and set you as a reviewer.
was (Author: liujiayi771):
[~rmani]Thank you for your reply, I create a review request in https://reviews.apache.org/r/71910/, and set you as a reviewer.
> Running the setup.sh in usersync a second time will change the permissions and owner of hadoop core-site.xml
> ------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-2671
> URL: https://issues.apache.org/jira/browse/RANGER-2671
> Project: Ranger
> Issue Type: Bug
> Components: usersync
> Affects Versions: 2.0.0, 1.2.0
> Reporter: Jiayi Liu
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> If we run setup.sh in usersync a second time, the setup.py in usersync folder will change the permissions to 0750 and owner to ranger:ranger of hadoop core-site.xml. This will affect other software that needs to read core-site.xml, for example, hiveserver2 will fail to start because it does not have permission to read core-site.xml. Ranger should never change the permission or ownership of core-site.xml in hadoop conf dir.
> The reason why the permissions and owner of core-site.xml are modified is because the following code in unixauthservice/scripts/setup.py
> {code:python}
> for dir in fixPermList:
> for root, dirs, files in os.walk(dir):
> os.chown(root, ownerId, groupId)
> os.chmod(root, 0755)
> for obj in dirs:
> dn = join(root, obj)
> os.chown(dn, ownerId, groupId)
> os.chmod(dn, 0755)
> for obj in files:
> fn = join(root, obj)
> os.chown(fn, ownerId, groupId)
> os.chmod(fn, 0750)
> {code}
> If we run setup.sh in usersync a second time, there will be a soft link of core-site.xml in /etc/ranger/usersync/conf. In the for loop, it will traverse to /etc/ranger/usersync/conf/core-site.xml, and use os.chown and os.chmod to change the permisson and ownership. We should unlink the soft link of core-site.xml before this for loop.
> pr: https://github.com/apache/ranger/pull/46
--
This message was sent by Atlassian Jira
(v8.3.4#803005)