Repository: incubator-trafodion Updated Branches: refs/heads/master ed8666d18 -> d86a0baf3
[TRAFODION-2697] Set bulkload permissions for hbase upload The /user/trafodion directory must be traversable for non-trafodion users. Make bulkload directory readable by hbase group. Bulkload directory should not be readable by other, to keep transient data secure. For the python installer, also do not create the /lobs and /bulkload directories, as they are no longer used. Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/872b91cb Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/872b91cb Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/872b91cb Branch: refs/heads/master Commit: 872b91cb2155f51a383b77bc61daa5f0517c172c Parents: 3ae998f Author: Steve Varnau <svar...@apache.org> Authored: Fri Jul 28 20:37:31 2017 +0000 Committer: Steve Varnau <svar...@apache.org> Committed: Fri Jul 28 20:37:31 2017 +0000 ---------------------------------------------------------------------- core/trafodion.spec | 16 +++++++++++++--- .../TRAFODION/2.1/package/scripts/params.py | 1 + .../2.1/package/scripts/trafodionmaster.py | 9 ++++++++- install/python-installer/scripts/hdfs_cmds.py | 8 ++++++-- 4 files changed, 28 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/872b91cb/core/trafodion.spec ---------------------------------------------------------------------- diff --git a/core/trafodion.spec b/core/trafodion.spec index 4ecc873..34ceed2 100644 --- a/core/trafodion.spec +++ b/core/trafodion.spec
@@ -96,9 +96,19 @@ then
 fi
 if ! getent passwd trafodion > /dev/null
 then
- /usr/sbin/useradd --shell /bin/bash -m trafodion -g trafodion -G hbase,hive --home /home/trafodion > /dev/null 2>&1
-else
- /usr/sbin/usermod -a -G hbase,hive trafodion > /dev/null 2>&1
+ /usr/sbin/useradd --shell /bin/bash -m trafodion -g trafodion --home /home/trafodion > /dev/null 2>&1
+fi
+if getent group hbase > /dev/null
+then
+ /usr/sbin/usermod -a -G hbase trafodion > /dev/null 2>&1
+fi
+if getent group hive > /dev/null
+then
+ /usr/sbin/usermod -a -G hive trafodion > /dev/null 2>&1
+fi
+if getent group hadoop > /dev/null
+then
+ /usr/sbin/usermod -a -G hadoop trafodion > /dev/null 2>&1
 fi
 chmod go+rx /home/trafodion
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/872b91cb/install/ambari-installer/traf-mpack/common-services/TRAFODION/2.1/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/install/ambari-installer/traf-mpack/common-services/TRAFODION/2.1/package/scripts/params.py b/install/ambari-installer/traf-mpack/common-services/TRAFODION/2.1/package/scripts/params.py
index f1f34d4..8e4183b 100755
--- a/install/ambari-installer/traf-mpack/common-services/TRAFODION/2.1/package/scripts/params.py
+++ b/install/ambari-installer/traf-mpack/common-services/TRAFODION/2.1/package/scripts/params.py
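Review bot: The added `usermod -a -G hadoop trafodion` block in core/trafodion.spec puts the trafodion account into a group the commit description never mentions; the description covers only the hbase group. If `hadoop` is the shared group of the cluster's service accounts, this widens what trafodion can reach through group permissions, so the block should carry a comment such as `# hadoop membership is required for <reason>` or be dropped. Each `usermod` also discards its output and exit status (`> /dev/null 2>&1`), so a failed group change goes unnoticed, and a group that is created after this package is installed is never picked up. The scriptlet starts and ends outside the hunk.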
@@ -54,6 +54,7 @@ traf_clust_template = config['configurations']['traf-cluster-env']['content']
 traf_user = 'trafodion'
 traf_group = 'trafodion'
 hdfs_user = config['configurations']['hadoop-env']['hdfs_user']
+user_group = config['configurations']['cluster-env']['user_group']
 hbase_user = config['configurations']['hbase-env']['hbase_user']
 hbase_staging = config['configurations']['hbase-site']['hbase.bulkload.staging.dir']
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/872b91cb/install/ambari-installer/traf-mpack/common-services/TRAFODION/2.1/package/scripts/trafodionmaster.py
----------------------------------------------------------------------
diff --git a/install/ambari-installer/traf-mpack/common-services/TRAFODION/2.1/package/scripts/trafodionmaster.py b/install/ambari-installer/traf-mpack/common-services/TRAFODION/2.1/package/scripts/trafodionmaster.py
index 331a206..4649d63 100755
--- a/install/ambari-installer/traf-mpack/common-services/TRAFODION/2.1/package/scripts/trafodionmaster.py
+++ b/install/ambari-installer/traf-mpack/common-services/TRAFODION/2.1/package/scripts/trafodionmaster.py
@@ -131,6 +131,12 @@ class Master(Script):
 owner=params.hbase_user,
 group=params.hbase_user,
 )
+ params.HdfsDirectory("/user/trafodion",
+ action="create_on_execute",
+ owner=params.traf_user,
+ group=params.traf_group,
+ mode=0755,
+ )
 params.HdfsDirectory("/user/trafodion/trafodion_backups",
 action="create_on_execute",
 owner=params.traf_user,
@@ -139,7 +145,8 @@ class Master(Script):
 params.HdfsDirectory("/user/trafodion/bulkload",
 action="create_on_execute",
 owner=params.traf_user,
- group=params.traf_group,
+ group=params.user_group,
+ mode=0750,
 )
 params.HdfsDirectory("/user/trafodion/lobs",
 action="create_on_execute",
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/872b91cb/install/python-installer/scripts/hdfs_cmds.py
----------------------------------------------------------------------
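Review bot: With `/user/trafodion` now created as `mode=0755` in trafodionmaster.py (hunk at -131), every HDFS user can traverse into it, so each child directory needs its own restrictive mode. Only `bulkload` gets one in this commit; the `trafodion_backups` and `lobs` calls show no `mode=` in the visible lines and would presumably stay at the HDFS default, whereas hdfs_cmds.py in the same commit sets 0750 on all three. Consider adding `mode=0o750,` to those two calls as well. The literals `0755` and `0750` (here and in the hunk at -139) are the legacy octal form that only Python 2 parses; `0o755` and `0o750` mean the same and are also valid on Python 3. The enclosing method of `Master` starts outside the hunk.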
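Review bot: In the trafodionmaster.py hunk at -139, `group=params.user_group` hands the bulkload directory to the cluster-wide `cluster-env/user_group`, not to an HBase-specific group as the commit description states. On a stock Ambari cluster that value is normally the group shared by all service accounts, so with `mode=0750` every one of them could read the transient bulkload data, which is hedged here because the configured value is not visible. The python installer in this commit derives the group from the hbase user instead, so the two install paths can end up with different ownership. If no narrower group is available, say so next to the call, e.g. `# user_group is shared by all service accounts; HBase reads staging files through it`. The enclosing method starts and ends outside the hunk.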
diff --git a/install/python-installer/scripts/hdfs_cmds.py b/install/python-installer/scripts/hdfs_cmds.py
index 1826f3b..12d342c 100755
--- a/install/python-installer/scripts/hdfs_cmds.py
+++ b/install/python-installer/scripts/hdfs_cmds.py
@@ -45,11 +45,15 @@ def run():
 traf_user = dbcfgs['traf_user']
 hdfs_user = dbcfgs['hdfs_user']
 hbase_user = dbcfgs['hbase_user']
+ hbase_group = cmd_output('%s groups %s | cut -d" " -f3' % (hdfs_bin, hbase_user))
 run_cmd_as_user(hdfs_user, '%s dfsadmin -safemode wait' % hdfs_bin)
- run_cmd_as_user(hdfs_user, '%s dfs -mkdir -p %s/{trafodion_backups,bulkload,lobs} /bulkload /lobs /hbase/archive' % (hdfs_bin, traf_loc))
+ run_cmd_as_user(hdfs_user, '%s dfs -mkdir -p %s/{trafodion_backups,bulkload,lobs} /hbase/archive' % (hdfs_bin, traf_loc))
 run_cmd_as_user(hdfs_user, '%s dfs -chown -R %s:%s /hbase/archive' % (hdfs_bin, hbase_user, hbase_user))
- run_cmd_as_user(hdfs_user, '%s dfs -chown -R %s:%s %s %s/{trafodion_backups,bulkload,lobs} /bulkload /lobs' % (hdfs_bin, traf_user, traf_user, traf_loc, traf_loc))
+ run_cmd_as_user(hdfs_user, '%s dfs -chown -R %s:%s %s %s/{trafodion_backups,bulkload,lobs}' % (hdfs_bin, traf_user, traf_user, traf_loc, traf_loc))
+ run_cmd_as_user(hdfs_user, '%s dfs -chmod 0755 %s' % (hdfs_bin, traf_loc))
+ run_cmd_as_user(hdfs_user, '%s dfs -chmod 0750 %s/{trafodion_backups,bulkload,lobs}' % (hdfs_bin, traf_loc))
+ run_cmd_as_user(hdfs_user, '%s dfs -chgrp %s %s/bulkload' % (hdfs_bin, hbase_group, traf_loc))
 run_cmd_as_user(hdfs_user, '%s dfs -setfacl -R -m user:%s:rwx /hbase/archive' % (hdfs_bin, traf_user))
 run_cmd_as_user(hdfs_user, '%s dfs -setfacl -R -m default:user:%s:rwx /hbase/archive' % (hdfs_bin, traf_user))
 run_cmd_as_user(hdfs_user, '%s dfs -setfacl -R -m mask::rwx /hbase/archive' % hdfs_bin)
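Review bot: `hbase_group` is taken from field 3 of the `hdfs groups` output and then interpolated into `dfs -chgrp` with no check that the lookup produced a group name. If the command fails or the hbase user has no group mapping, the value is empty or, depending on what `cmd_output` captures, a fragment of a warning line, and the chgrp then fails or puts an unintended group on the bulkload staging directory. Validate before use, e.g. `hbase_group = hbase_group.strip()` followed by `if not hbase_group: raise RuntimeError('cannot determine HDFS group of %s' % hbase_user)`. The lookup also goes through `cmd_output` while every other HDFS command here uses `run_cmd_as_user(hdfs_user, ...)`, which is worth confirming on a secured cluster. `run()` starts before and continues after the hunk.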