You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Andrew Onischuk <ao...@hortonworks.com> on 2015/06/16 15:42:24 UTC
Review Request 35514: ambari-agent 2.0.1 overwrites
/etc/sudoers.d/ambar-agent if it is exists
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35514/
-----------------------------------------------------------
Review request for Ambari and Dmitro Lisnichenko.
Bugs: AMBARI-11947
https://issues.apache.org/jira/browse/AMBARI-11947
Repository: ambari
Description
-------
PROBLEM: There are several issues related to the Ambari-Agent and the
/etc/sudoers file. Below are the issues:
1) Installation of the ambari-agent rpm should _not_ overwrite /etc/sudoers.d
/ambari-agent if it exists as it does now
2) The presence of a Defaults directive after any other directive in a sudoers
config stream is not honored. If /etc/sudoers.d/* files are included after a
non-Defaults directive in the main /etc/sudoers file, the Defaults entries in
any of the included files will not apply. Where #include directives are
specified in /etc/sudoers is highly site dependent. The file as added by the
rpm contains:
Defaults:root !requiretty
3) Warnings are being suppressed indiscriminately for all root sudo commands
on an entire system. Customer suggestion is that Ambari should not be running
commands as root, but as other HW users e.g.:
sudo -u hadoop <command>
sudo -u hbase <ccommand>
BUSINESS IMPACT: The #include derivatives are highly site dependent for the
customer. This is a development environment.
Diffs
-----
ambari-agent/conf/unix/install-helper.sh 5552d3c
ambari-agent/etc/sudoers.d/ambari-agent 1663152
ambari-agent/pom.xml b2690b0
Diff: https://reviews.apache.org/r/35514/diff/
Testing
-------
mvn clean test
Thanks,
Andrew Onischuk
Re: Review Request 35514: ambari-agent 2.0.1 overwrites
/etc/sudoers.d/ambar-agent if it is exists
Posted by Dmitro Lisnichenko <dl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35514/#review88060
-----------------------------------------------------------
Ship it!
Ship It!
- Dmitro Lisnichenko
On June 16, 2015, 1:42 p.m., Andrew Onischuk wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/35514/
> -----------------------------------------------------------
>
> (Updated June 16, 2015, 1:42 p.m.)
>
>
> Review request for Ambari and Dmitro Lisnichenko.
>
>
> Bugs: AMBARI-11947
> https://issues.apache.org/jira/browse/AMBARI-11947
>
>
> Repository: ambari
>
>
> Description
> -------
>
> PROBLEM: There are several issues related to the Ambari-Agent and the
> /etc/sudoers file. Below are the issues:
>
> 1) Installation of the ambari-agent rpm should _not_ overwrite /etc/sudoers.d
> /ambari-agent if it exists as it does now
>
> 2) The presence of a Defaults directive after any other directive in a sudoers
> config stream is not honored. If /etc/sudoers.d/* files are included after a
> non-Defaults directive in the main /etc/sudoers file, the Defaults entries in
> any of the included files will not apply. Where #include directives are
> specified in /etc/sudoers is highly site dependent. The file as added by the
> rpm contains:
>
> Defaults:root !requiretty
>
> 3) Warnings are being suppressed indiscriminately for all root sudo commands
> on an entire system. Customer suggestion is that Ambari should not be running
> commands as root, but as other HW users e.g.:
>
> sudo -u hadoop <command>
> sudo -u hbase <ccommand>
>
> BUSINESS IMPACT: The #include derivatives are highly site dependent for the
> customer. This is a development environment.
>
>
> Diffs
> -----
>
> ambari-agent/conf/unix/install-helper.sh 5552d3c
> ambari-agent/etc/sudoers.d/ambari-agent 1663152
> ambari-agent/pom.xml b2690b0
>
> Diff: https://reviews.apache.org/r/35514/diff/
>
>
> Testing
> -------
>
> mvn clean test
>
>
> Thanks,
>
> Andrew Onischuk
>
>