Posted to issues@ambari.apache.org by "Birender Saini (JIRA)" <ji...@apache.org> on 2016/07/22 15:48:20 UTC
[jira] [Commented] (AMBARI-17857) Support PowerBroker for non-root installations
[ https://issues.apache.org/jira/browse/AMBARI-17857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15389719#comment-15389719 ]
Birender Saini commented on AMBARI-17857:
-----------------------------------------
[~paulcodding] Can you comment on the design / changes below?
The following changes need to be made:
- Add a flag in the .ini file to indicate which interface to use for executing commands as super user
- Add ambari-pbrun.sh (for both Ambari server and Ambari agent): implement logic to run commands using pbrun
- We should also add a higher-level abstraction script, ambari-run-as-superuser.sh: executes the sudo or pbrun script depending on the flag in the .ini file.
- Change all instances in Ambari code that use ambari-sudo.sh to ambari-run-as-superuser.sh
> Support PowerBroker for non-root installations
> ----------------------------------------------
>
> Key: AMBARI-17857
> URL: https://issues.apache.org/jira/browse/AMBARI-17857
> Project: Ambari
> Issue Type: Improvement
> Components: ambari-agent, ambari-server
> Reporter: Paul Codding
> Labels: security
>
> In some environments PowerBroker is preferred over sudo. It's desired to support PowerBroker for both the Ambari Server and Ambari Agents, so each can run as a non-root user and have PowerBroker used to escalate privileges when required.
> A suggestion is to add new configuration in the Ambari Server's /etc/ambari-server/conf/ambari.properties to allow users to choose between using sudo, or pbrun, and make sure scripts such as ambari-sudo.sh (for agent and server) are updated to use that configuration when deciding which command to run, and syntax to use when escalating privileges.
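
A sketch of the dispatcher described in the comment above, added here as an example; it is not Ambari code and not from the issue. The key name run_as_superuser_method, its values, and the default of sudo when the key is absent are assumptions. The configured value only selects a branch from a fixed allowlist and is never executed itself.

```shell
#!/bin/sh
# Added example, not Ambari code. The key name run_as_superuser_method and
# its values are hypothetical; the issue does not name the flag.

# Print the escalation method configured in the given .ini/.properties file.
get_escalation_method() {
    conf_file=$1
    [ -r "$conf_file" ] || { echo "cannot read $conf_file" >&2; return 2; }
    # Last uncommented assignment wins; trailing whitespace is stripped.
    method=$(sed -n 's/^[[:space:]]*run_as_superuser_method[[:space:]]*=[[:space:]]*//p' \
                 "$conf_file" | tail -n 1 | sed 's/[[:space:]]*$//')
    # Assumption: an absent key keeps the existing behaviour (sudo).
    method=${method:-sudo}
    # Allowlist: anything other than the two known tools is rejected.
    case "$method" in
        sudo|pbrun) printf '%s\n' "$method" ;;
        *) echo "unsupported escalation method: $method" >&2; return 1 ;;
    esac
}

# Run "$@" through the configured tool. Arguments are passed through
# unchanged (no eval, no re-splitting); an invalid config fails closed.
run_as_superuser() {
    conf_file=$1
    shift
    method=$(get_escalation_method "$conf_file") || return $?
    case "$method" in
        sudo)  sudo "$@" ;;
        pbrun) pbrun "$@" ;;
    esac
}
```
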