You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Andrew Onischuk (JIRA)" <ji...@apache.org> on 2015/06/16 15:43:00 UTC

[jira] [Created] (AMBARI-11947) ambari-agent 2.0.1 overwrites /etc/sudoers.d/ambar-agent if it is exists

Andrew Onischuk created AMBARI-11947:
----------------------------------------

             Summary:  ambari-agent 2.0.1 overwrites /etc/sudoers.d/ambar-agent if it is exists 
                 Key: AMBARI-11947
                 URL: https://issues.apache.org/jira/browse/AMBARI-11947
             Project: Ambari
          Issue Type: Bug
            Reporter: Andrew Onischuk
            Assignee: Andrew Onischuk
             Fix For: 2.1.0


PROBLEM: There are several issues related to the Ambari-Agent and the
/etc/sudoers file. Below are the issues:

1) Installation of the ambari-agent rpm should _not_ overwrite /etc/sudoers.d
/ambari-agent if it exists as it does now

2) The presence of a Defaults directive after any other directive in a sudoers
config stream is not honored. If /etc/sudoers.d/* files are included after a
non-Defaults directive in the main /etc/sudoers file, the Defaults entries in
any of the included files will not apply. Where #include directives are
specified in /etc/sudoers is highly site dependent. The file as added by the
rpm contains:

Defaults:root !requiretty

3) Warnings are being suppressed indiscriminately for all root sudo commands
on an entire system. Customer suggestion is that Ambari should not be running
commands as root, but as other HW users e.g.:

sudo -u hadoop <command>  
sudo -u hbase <ccommand>

BUSINESS IMPACT: The #include derivatives are highly site dependent for the
customer. This is a development environment.





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)