You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@storm.apache.org by "Rick Kellogg (JIRA)" <ji...@apache.org> on 2015/10/09 02:43:27 UTC
[jira] [Updated] (STORM-357) [security] Supervisors can fail to
clean up worker files properly
[ https://issues.apache.org/jira/browse/STORM-357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rick Kellogg updated STORM-357:
-------------------------------
Component/s: storm-core
> [security] Supervisors can fail to clean up worker files properly
> -----------------------------------------------------------------
>
> Key: STORM-357
> URL: https://issues.apache.org/jira/browse/STORM-357
> Project: Apache Storm
> Issue Type: Bug
> Components: storm-core
> Reporter: Derek Dagit
> Assignee: Derek Dagit
> Labels: security
> Fix For: 0.10.0
>
>
> The "worker launcher" script is used to perform a variety of tasks as a specific user. This requires launching a separate process.
> After a worker is shut down, the supervisor uses the "worker launcher" script to clean up after workers with its "rmr" command. This command could fail for any number of reasons, just as backtype.storm.util/rmr could fail. But the "worker launcher" script merely sets the exit code of the process to non-zero, and that does not result in a thrown exception.
> As a result, logic in supervisor.clj clean-up code is bypassed, and it proceeds to delete the file in workers-users, which is critical for any subsequent attempts at cleanup without intervention by a privileged user.
> The symptom is repeated messages warning that cleanup fails because the original user is unknown. It rolls log files and can fill the disk with dead worker directories.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)