You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Jiayi Liu <li...@gmail.com> on 2019/12/13 03:51:31 UTC
Re: Review Request 71910: Unlink core-site.xml in usersync conf
before chown and chmod
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71910/
-----------------------------------------------------------
(Updated 十二月 13, 2019, 3:51 a.m.)
Review request for ranger and Ramesh Mani.
Summary (updated)
-----------------
Unlink core-site.xml in usersync conf before chown and chmod
Repository: ranger
Description
-------
If we run setup.sh in usersync a second time, the setup.py in usersync folder will change the permissions to 0750 and owner to ranger:ranger of hadoop core-site.xml. This will affect other software that needs to read core-site.xml, for example, hiveserver2 will fail to start because it does not have permission to read core-site.xml. Ranger should never change the permission or ownership of core-site.xml in hadoop conf dir.
The reason why the permissions and owner of core-site.xml are modified is because the following code in unixauthservice/scripts/setup.py
```python
for dir in fixPermList:
for root, dirs, files in os.walk(dir):
os.chown(root, ownerId, groupId)
os.chmod(root, 0755)
for obj in dirs:
dn = join(root, obj)
os.chown(dn, ownerId, groupId)
os.chmod(dn, 0755)
for obj in files:
fn = join(root, obj)
os.chown(fn, ownerId, groupId)
os.chmod(fn, 0750)
```
If we run setup.sh in usersync a second time, there will be a soft link of core-site.xml in /etc/ranger/usersync/conf. In the for loop, it will traverse to /etc/ranger/usersync/conf/core-site.xml, and use os.chown and os.chmod to change the permisson and ownership. We should unlink the soft link of core-site.xml before this for loop.
Diffs
-----
unixauthservice/scripts/setup.py 54297f4b9
Diff: https://reviews.apache.org/r/71910/diff/1/
Testing
-------
Thanks,
Jiayi Liu
Re: Review Request 71910: RANGER-2671 : Unlink core-site.xml in
usersync conf before chown and chmod
Posted by Jiayi Liu <li...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71910/
-----------------------------------------------------------
(Updated 一月 6, 2020, 10:55 a.m.)
Review request for ranger and Ramesh Mani.
Bugs: RANGER-2671
https://issues.apache.org/jira/browse/RANGER-2671
Repository: ranger
Description
-------
If we run setup.sh in usersync a second time, the setup.py in usersync folder will change the permissions to 0750 and owner to ranger:ranger of hadoop core-site.xml. This will affect other software that needs to read core-site.xml, for example, hiveserver2 will fail to start because it does not have permission to read core-site.xml. Ranger should never change the permission or ownership of core-site.xml in hadoop conf dir.
The reason why the permissions and owner of core-site.xml are modified is because the following code in unixauthservice/scripts/setup.py
```python
for dir in fixPermList:
for root, dirs, files in os.walk(dir):
os.chown(root, ownerId, groupId)
os.chmod(root, 0755)
for obj in dirs:
dn = join(root, obj)
os.chown(dn, ownerId, groupId)
os.chmod(dn, 0755)
for obj in files:
fn = join(root, obj)
os.chown(fn, ownerId, groupId)
os.chmod(fn, 0750)
```
If we run setup.sh in usersync a second time, there will be a soft link of core-site.xml in /etc/ranger/usersync/conf. In the for loop, it will traverse to /etc/ranger/usersync/conf/core-site.xml, and use os.chown and os.chmod to change the permisson and ownership. We should unlink the soft link of core-site.xml before this for loop.
Diffs
-----
unixauthservice/scripts/setup.py 54297f4b9
Diff: https://reviews.apache.org/r/71910/diff/1/
Testing
-------
File Attachments (updated)
----------------
0001-RANGER-2671.patch
https://reviews.apache.org/media/uploaded/files/2020/01/06/1b9d0d11-a3a3-4607-a5f3-81217f0e0adc__0001-RANGER-2671.patch
Thanks,
Jiayi Liu
Re: Review Request 71910: RANGER-2671 : Unlink core-site.xml in
usersync conf before chown and chmod
Posted by Jiayi Liu <li...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71910/
-----------------------------------------------------------
(Updated 一月 6, 2020, 10:20 a.m.)
Review request for ranger and Ramesh Mani.
Summary (updated)
-----------------
RANGER-2671 : Unlink core-site.xml in usersync conf before chown and chmod
Bugs: RANGER-2671
https://issues.apache.org/jira/browse/RANGER-2671
Repository: ranger
Description
-------
If we run setup.sh in usersync a second time, the setup.py in usersync folder will change the permissions to 0750 and owner to ranger:ranger of hadoop core-site.xml. This will affect other software that needs to read core-site.xml, for example, hiveserver2 will fail to start because it does not have permission to read core-site.xml. Ranger should never change the permission or ownership of core-site.xml in hadoop conf dir.
The reason why the permissions and owner of core-site.xml are modified is because the following code in unixauthservice/scripts/setup.py
```python
for dir in fixPermList:
for root, dirs, files in os.walk(dir):
os.chown(root, ownerId, groupId)
os.chmod(root, 0755)
for obj in dirs:
dn = join(root, obj)
os.chown(dn, ownerId, groupId)
os.chmod(dn, 0755)
for obj in files:
fn = join(root, obj)
os.chown(fn, ownerId, groupId)
os.chmod(fn, 0750)
```
If we run setup.sh in usersync a second time, there will be a soft link of core-site.xml in /etc/ranger/usersync/conf. In the for loop, it will traverse to /etc/ranger/usersync/conf/core-site.xml, and use os.chown and os.chmod to change the permisson and ownership. We should unlink the soft link of core-site.xml before this for loop.
Diffs
-----
unixauthservice/scripts/setup.py 54297f4b9
Diff: https://reviews.apache.org/r/71910/diff/1/
Testing
-------
Thanks,
Jiayi Liu