You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Gautam Borad <gb...@gmail.com> on 2015/01/08 14:00:54 UTC

Review Request 29704: Separate Unix authentication from User sync process

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29704/
-----------------------------------------------------------

Review request for ranger, Don Bosco Durai, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.


Bugs: RANGER-208
    https://issues.apache.org/jira/browse/RANGER-208


Repository: ranger


Description
-------

Currently both the Unix user authentication and Unix user/group sync happens from the same process. Since both the tasks are independent of each other, they should be run as separate process.
This way if the user/group sync process is down the authentication wont be affected and vice versa.


Diffs
-----

  pom.xml 38590d5 
  src/main/assembly/userauth.xml PRE-CREATION 
  src/main/assembly/usersync.xml 89f0dcc 
  ugsync/conf.dist/log4j.xml PRE-CREATION 
  ugsync/conf.dist/unixauthservice.properties PRE-CREATION 
  ugsync/scripts/initd PRE-CREATION 
  ugsync/scripts/install.properties PRE-CREATION 
  ugsync/scripts/set_globals.sh PRE-CREATION 
  ugsync/scripts/setup.sh PRE-CREATION 
  ugsync/scripts/user-sync-start.sh PRE-CREATION 
  ugsync/scripts/user-sync-stop.sh PRE-CREATION 
  ugsync/src/main/java/org/apache/ranger/unixusersync/service/UnixSyncService.java PRE-CREATION 
  unixauthservice/pom.xml 6e6ca97 
  unixauthservice/scripts/initd e429cce 
  unixauthservice/scripts/install.properties 63e4ffe 
  unixauthservice/scripts/set_globals.sh c77fbf9 
  unixauthservice/scripts/setup.sh bc9fd35 
  unixauthservice/scripts/start.sh 399e6b2 
  unixauthservice/scripts/stop.sh 1933364 
  unixauthservice/scripts/user-auth-start.sh PRE-CREATION 
  unixauthservice/scripts/user-auth-stop.sh PRE-CREATION 
  unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java 1629e13 

Diff: https://reviews.apache.org/r/29704/diff/


Testing
-------

Implementation :
   1] Separated the user sync and user auth codebase [ with changes in assembly ]
   2] Modified installation scripts
   3] Added a package in usersync named service
   4] Added scripts to start sync/auth processes : user-sync-start.sh and user-auth-start.sh

Tested :
   1] Tested unix user sync
   2] Test Ldap user sync ( pending )
   3] Test AD user sync ( pending )
   4] Tested DB user Authentication
   5] Tested Unix user Authentication
   6] Test Ldap user Authentication (pending)
   7] Test AD user Authentication (pending)
   8] Tested with Admin & (user sync & user auth) on same machine
   9] Tested with Admin & (user sync & user auth) on diff machine
   10] Tested User Sync being run as non-root user
   11] Tested User Auth being run as non-root user ( Fails! Because access to /etc/shadow is allowed only to root user . For this added a check in start script so only root user can run User Auth process)
   
   


Thanks,

Gautam Borad