You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Gautam Borad <gb...@gmail.com> on 2015/01/08 14:00:54 UTC
Review Request 29704: Separate Unix authentication from User sync
process
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29704/
-----------------------------------------------------------
Review request for ranger, Don Bosco Durai, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
Bugs: RANGER-208
https://issues.apache.org/jira/browse/RANGER-208
Repository: ranger
Description
-------
Currently both the Unix user authentication and Unix user/group sync happens from the same process. Since both the tasks are independent of each other, they should be run as separate process.
This way if the user/group sync process is down the authentication wont be affected and vice versa.
Diffs
-----
pom.xml 38590d5
src/main/assembly/userauth.xml PRE-CREATION
src/main/assembly/usersync.xml 89f0dcc
ugsync/conf.dist/log4j.xml PRE-CREATION
ugsync/conf.dist/unixauthservice.properties PRE-CREATION
ugsync/scripts/initd PRE-CREATION
ugsync/scripts/install.properties PRE-CREATION
ugsync/scripts/set_globals.sh PRE-CREATION
ugsync/scripts/setup.sh PRE-CREATION
ugsync/scripts/user-sync-start.sh PRE-CREATION
ugsync/scripts/user-sync-stop.sh PRE-CREATION
ugsync/src/main/java/org/apache/ranger/unixusersync/service/UnixSyncService.java PRE-CREATION
unixauthservice/pom.xml 6e6ca97
unixauthservice/scripts/initd e429cce
unixauthservice/scripts/install.properties 63e4ffe
unixauthservice/scripts/set_globals.sh c77fbf9
unixauthservice/scripts/setup.sh bc9fd35
unixauthservice/scripts/start.sh 399e6b2
unixauthservice/scripts/stop.sh 1933364
unixauthservice/scripts/user-auth-start.sh PRE-CREATION
unixauthservice/scripts/user-auth-stop.sh PRE-CREATION
unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java 1629e13
Diff: https://reviews.apache.org/r/29704/diff/
Testing
-------
Implementation :
1] Separated the user sync and user auth codebase [ with changes in assembly ]
2] Modified installation scripts
3] Added a package in usersync named service
4] Added scripts to start sync/auth processes : user-sync-start.sh and user-auth-start.sh
Tested :
1] Tested unix user sync
2] Test Ldap user sync ( pending )
3] Test AD user sync ( pending )
4] Tested DB user Authentication
5] Tested Unix user Authentication
6] Test Ldap user Authentication (pending)
7] Test AD user Authentication (pending)
8] Tested with Admin & (user sync & user auth) on same machine
9] Tested with Admin & (user sync & user auth) on diff machine
10] Tested User Sync being run as non-root user
11] Tested User Auth being run as non-root user ( Fails! Because access to /etc/shadow is allowed only to root user . For this added a check in start script so only root user can run User Auth process)
Thanks,
Gautam Borad