You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by Andrew Onischuk <ao...@hortonworks.com> on 2015/05/21 17:58:41 UTC

Review Request 34549: Non-secure clusters should not install the linux task controller

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34549/
-----------------------------------------------------------

Review request for Ambari and Vitalyi Brodetskyi.


Bugs: AMBARI-11307
    https://issues.apache.org/jira/browse/AMBARI-11307


Repository: ambari


Description
-------

In insecure clusters, all user code runs as mapred. With our default insecure
install, the setuid to root linux task controller provides mapred with the
ability to run processes as any user. The combination of these is bad. I think
we should separate out the setuid executable to a separate rpm that is only
installed on secure clusters.


Diffs
-----

  ambari-common/src/main/python/resource_management/core/providers/system.py ba64e5d 
  ambari-common/src/main/python/resource_management/core/sudo.py ebde23d 
  ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py da7b9b4 
  ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py 53bdba1 
  ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py cd5041b 
  ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_client.py f8bccac 
  ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py 5c517f1 
  ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py b775f48 
  ambari-server/src/test/python/stacks/2.0.6/YARN/test_yarn_client.py 9966581 
  ambari-server/src/test/python/stacks/2.1/YARN/test_apptimelineserver.py c8a3033 

Diff: https://reviews.apache.org/r/34549/diff/


Testing
-------

mvn clean test


Thanks,

Andrew Onischuk

Re: Review Request 34549: Non-secure clusters should not install the linux task controller

Posted by Vitalyi Brodetskyi <vb...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34549/#review84732
-----------------------------------------------------------

Ship it!


Ship It!

- Vitalyi Brodetskyi


On Травень 21, 2015, 4:49 після полудня, Andrew Onischuk wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34549/
> -----------------------------------------------------------
> 
> (Updated Травень 21, 2015, 4:49 після полудня)
> 
> 
> Review request for Ambari and Vitalyi Brodetskyi.
> 
> 
> Bugs: AMBARI-11307
>     https://issues.apache.org/jira/browse/AMBARI-11307
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> In insecure clusters, all user code runs as mapred. With our default insecure
> install, the setuid to root linux task controller provides mapred with the
> ability to run processes as any user. The combination of these is bad. I think
> we should separate out the setuid executable to a separate rpm that is only
> installed on secure clusters.
> 
> 
> Diffs
> -----
> 
>   ambari-common/src/main/python/resource_management/core/providers/system.py ba64e5d 
>   ambari-common/src/main/python/resource_management/core/sudo.py ebde23d 
>   ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py da7b9b4 
>   ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py 53bdba1 
>   ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py cd5041b 
>   ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_client.py f8bccac 
>   ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py 5c517f1 
>   ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py b775f48 
>   ambari-server/src/test/python/stacks/2.0.6/YARN/test_yarn_client.py 9966581 
>   ambari-server/src/test/python/stacks/2.1/YARN/test_apptimelineserver.py c8a3033 
> 
> Diff: https://reviews.apache.org/r/34549/diff/
> 
> 
> Testing
> -------
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Andrew Onischuk
> 
>

Re: Review Request 34549: Non-secure clusters should not install the linux task controller

Posted by Andrew Onischuk <ao...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34549/
-----------------------------------------------------------

(Updated May 21, 2015, 4:49 p.m.)


Review request for Ambari and Vitalyi Brodetskyi.


Bugs: AMBARI-11307
    https://issues.apache.org/jira/browse/AMBARI-11307


Repository: ambari


Description
-------

In insecure clusters, all user code runs as mapred. With our default insecure
install, the setuid to root linux task controller provides mapred with the
ability to run processes as any user. The combination of these is bad. I think
we should separate out the setuid executable to a separate rpm that is only
installed on secure clusters.


Diffs (updated)
-----

  ambari-common/src/main/python/resource_management/core/providers/system.py ba64e5d 
  ambari-common/src/main/python/resource_management/core/sudo.py ebde23d 
  ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py da7b9b4 
  ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py 53bdba1 
  ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py cd5041b 
  ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_client.py f8bccac 
  ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py 5c517f1 
  ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py b775f48 
  ambari-server/src/test/python/stacks/2.0.6/YARN/test_yarn_client.py 9966581 
  ambari-server/src/test/python/stacks/2.1/YARN/test_apptimelineserver.py c8a3033 

Diff: https://reviews.apache.org/r/34549/diff/


Testing
-------

mvn clean test


Thanks,

Andrew Onischuk

Re: Review Request 34549: Non-secure clusters should not install the linux task controller

Posted by Vitalyi Brodetskyi <vb...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34549/#review84716
-----------------------------------------------------------

Ship it!


Ship It!

- Vitalyi Brodetskyi


On Травень 21, 2015, 3:58 після полудня, Andrew Onischuk wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34549/
> -----------------------------------------------------------
> 
> (Updated Травень 21, 2015, 3:58 після полудня)
> 
> 
> Review request for Ambari and Vitalyi Brodetskyi.
> 
> 
> Bugs: AMBARI-11307
>     https://issues.apache.org/jira/browse/AMBARI-11307
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> In insecure clusters, all user code runs as mapred. With our default insecure
> install, the setuid to root linux task controller provides mapred with the
> ability to run processes as any user. The combination of these is bad. I think
> we should separate out the setuid executable to a separate rpm that is only
> installed on secure clusters.
> 
> 
> Diffs
> -----
> 
>   ambari-common/src/main/python/resource_management/core/providers/system.py ba64e5d 
>   ambari-common/src/main/python/resource_management/core/sudo.py ebde23d 
>   ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py da7b9b4 
>   ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py 53bdba1 
>   ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py cd5041b 
>   ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_client.py f8bccac 
>   ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py 5c517f1 
>   ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py b775f48 
>   ambari-server/src/test/python/stacks/2.0.6/YARN/test_yarn_client.py 9966581 
>   ambari-server/src/test/python/stacks/2.1/YARN/test_apptimelineserver.py c8a3033 
> 
> Diff: https://reviews.apache.org/r/34549/diff/
> 
> 
> Testing
> -------
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Andrew Onischuk
> 
>