You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Jiayi Liu <li...@gmail.com> on 2020/01/06 11:01:11 UTC

Review Request 71957: RANGER-2671 : Unlink core-site.xml in usersync conf before chown and chmod

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71957/
-----------------------------------------------------------

Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, and Ramesh Mani.


Bugs: RANGER-2671
    https://issues.apache.org/jira/browse/RANGER-2671


Repository: ranger


Description
-------

If we run setup.sh in usersync a second time, the setup.py in usersync folder will change the permissions to 0750 and owner to ranger:ranger of hadoop core-site.xml. This will affect other software that needs to read core-site.xml, for example, hiveserver2 will fail to start because it does not have permission to read core-site.xml. Ranger should never change the permission or ownership of core-site.xml in hadoop conf dir.
The reason why the permissions and owner of core-site.xml are modified is because the following code in unixauthservice/scripts/setup.py
```python
for dir in fixPermList:
    for root, dirs, files in os.walk(dir):
        os.chown(root, ownerId, groupId)
        os.chmod(root, 0755)
        for obj in dirs:
            dn = join(root, obj)
            os.chown(dn, ownerId, groupId)
            os.chmod(dn, 0755)
        for obj in files:
            fn = join(root, obj)
            os.chown(fn, ownerId, groupId)
            os.chmod(fn, 0750)
```
If we run setup.sh in usersync a second time, there will be a soft link of core-site.xml in /etc/ranger/usersync/conf. In the for loop, it will traverse to /etc/ranger/usersync/conf/core-site.xml, and use os.chown and os.chmod to change the permisson and ownership. We should unlink the soft link of core-site.xml before this for loop.


Diffs
-----

  unixauthservice/scripts/setup.py 54297f4b9 


Diff: https://reviews.apache.org/r/71957/diff/1/


Testing
-------


Thanks,

Jiayi Liu

Re: Review Request 71957: RANGER-2671 : Unlink core-site.xml in usersync conf before chown and chmod

Posted by Pradeep Agrawal <pr...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71957/#review219279
-----------------------------------------------------------


Ship it!




Ship It!

- Pradeep Agrawal


On Jan. 6, 2020, 11:01 a.m., Jiayi Liu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71957/
> -----------------------------------------------------------
> 
> (Updated Jan. 6, 2020, 11:01 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, and Ramesh Mani.
> 
> 
> Bugs: RANGER-2671
>     https://issues.apache.org/jira/browse/RANGER-2671
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> If we run setup.sh in usersync a second time, the setup.py in usersync folder will change the permissions to 0750 and owner to ranger:ranger of hadoop core-site.xml. This will affect other software that needs to read core-site.xml, for example, hiveserver2 will fail to start because it does not have permission to read core-site.xml. Ranger should never change the permission or ownership of core-site.xml in hadoop conf dir.
> The reason why the permissions and owner of core-site.xml are modified is because the following code in unixauthservice/scripts/setup.py
> ```python
> for dir in fixPermList:
>     for root, dirs, files in os.walk(dir):
>         os.chown(root, ownerId, groupId)
>         os.chmod(root, 0755)
>         for obj in dirs:
>             dn = join(root, obj)
>             os.chown(dn, ownerId, groupId)
>             os.chmod(dn, 0755)
>         for obj in files:
>             fn = join(root, obj)
>             os.chown(fn, ownerId, groupId)
>             os.chmod(fn, 0750)
> ```
> If we run setup.sh in usersync a second time, there will be a soft link of core-site.xml in /etc/ranger/usersync/conf. In the for loop, it will traverse to /etc/ranger/usersync/conf/core-site.xml, and use os.chown and os.chmod to change the permisson and ownership. We should unlink the soft link of core-site.xml before this for loop.
> 
> 
> Diffs
> -----
> 
>   unixauthservice/scripts/setup.py 54297f4b9 
> 
> 
> Diff: https://reviews.apache.org/r/71957/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Jiayi Liu
> 
>