You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@oozie.apache.org by km...@apache.org on 2019/05/07 07:42:18 UTC
[oozie] branch master updated: OOZIE-3478 Oozie needs execute
permission on the submitting users home directory (asalamon74 via gezapeti,
pbacsko, kmarton)
This is an automated email from the ASF dual-hosted git repository.
kmarton pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/oozie.git
The following commit(s) were added to refs/heads/master by this push:
new aa21911 OOZIE-3478 Oozie needs execute permission on the submitting users home directory (asalamon74 via gezapeti, pbacsko, kmarton)
aa21911 is described below
commit aa219119439a808491bcc649f83ee7376d543641
Author: Julia Kinga Marton <km...@apache.org>
AuthorDate: Tue May 7 09:41:55 2019 +0200
OOZIE-3478 Oozie needs execute permission on the submitting users home directory (asalamon74 via gezapeti, pbacsko, kmarton)
---
.../oozie/action/hadoop/JavaActionExecutor.java | 22 +++++++++++++++++-----
release-log.txt | 1 +
2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java b/core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java
index df3fbb2..ec45fe4 100644
--- a/core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java
+++ b/core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java
@@ -33,6 +33,7 @@ import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
+import java.security.PrivilegedExceptionAction;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
@@ -96,6 +97,7 @@ import org.apache.oozie.service.HadoopAccessorService;
import org.apache.oozie.service.Services;
import org.apache.oozie.service.ShareLibService;
import org.apache.oozie.service.URIHandlerService;
+import org.apache.oozie.service.UserGroupInformationService;
import org.apache.oozie.service.WorkflowAppService;
import org.apache.oozie.util.ClasspathUtils;
import org.apache.oozie.util.ELEvaluationException;
@@ -1205,7 +1207,7 @@ public class JavaActionExecutor extends ActionExecutor {
final WorkflowAction action,
final Credentials credentials,
final Element actionXml)
- throws IOException, HadoopAccessorException, URISyntaxException {
+ throws IOException, HadoopAccessorException, URISyntaxException, InterruptedException {
ApplicationSubmissionContext appContext = Records.newRecord(ApplicationSubmissionContext.class);
@@ -1223,9 +1225,20 @@ public class JavaActionExecutor extends ActionExecutor {
final String user = actionContext.getWorkflow().getUser();
// Set the resources to localize
- Map<String, LocalResource> localResources = new HashMap<String, LocalResource>();
- ClientDistributedCacheManager.determineTimestampsAndCacheVisibilities(launcherJobConf);
- MRApps.setupDistributedCache(launcherJobConf, localResources);
+ Map<String, LocalResource> localResources = new HashMap<>();
+ // Executing code inside a doAs so we don't need execute permission for oozie user
+ // on the home directory of the submitting user
+ final UserGroupInformationService ugiService = Services.get().get(UserGroupInformationService.class);
+ final UserGroupInformation ugi = ugiService.getProxyUser(user);
+ ugi.doAs(new PrivilegedExceptionAction<Object>() {
+ public Object run() throws Exception {
+ setEnvironmentVariables(launcherJobConf, amContainer);
+ ClientDistributedCacheManager.determineTimestampsAndCacheVisibilities(launcherJobConf);
+ MRApps.setupDistributedCache(launcherJobConf, localResources);
+ return null;
+ }
+ });
+
// Add the Launcher and Action configs as Resources
HadoopAccessorService has = Services.get().get(HadoopAccessorService.class);
launcherJobConf.set(LauncherAM.OOZIE_SUBMITTER_USER, user);
@@ -1237,7 +1250,6 @@ public class JavaActionExecutor extends ActionExecutor {
localResources.put(LauncherAM.ACTION_CONF_XML, actionConfLR);
amContainer.setLocalResources(localResources);
- setEnvironmentVariables(launcherJobConf, amContainer);
List<String> vargs = createCommand(launcherJobConf, actionContext);
setJavaOpts(launcherJobConf, actionXml, vargs);
diff --git a/release-log.txt b/release-log.txt
index 7abf8ae..adfe81d 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
-- Oozie 5.2.0 release (trunk - unreleased)
+OOZIE-3478 Oozie needs execute permission on the submitting users home directory (asalamon74 via gezapeti, pbacsko, kmarton)
OOZIE-3393 Add Oozie instrumentation delayed metric in CoordMaterializeTriggerService (zuston via asalamon74)
OOZIE-3477 Fix parameter checking in WorkflowStore.getWorkflowCountWithStatusInLastNSeconds (zuston via asalamon74)
OOZIE-3470 PurgeXCommand coordActionDel variable assignment should be standardized (zuston via asalamon74)