----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/26443/#review55795 -----------------------------------------------------------
Ship it! Ship It! - Sumit Mohanty On Oct. 8, 2014, 12:52 p.m., Jonathan Hurley wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/26443/ > ----------------------------------------------------------- > > (Updated Oct. 8, 2014, 12:52 p.m.) > > > Review request for Ambari, Sumit Mohanty, Sid Wagle, and Tom Beerbower. > > > Bugs: AMBARI-7687 > https://issues.apache.org/jira/browse/AMBARI-7687 > > > Repository: ambari > > > Description > ------- > > Our scripts autmatically assumed that hadoop users could use /bin/bash as > their login shell. This causes security problems for some users as those > accounts should not be able to logon. Without /bin/bash, our scripts fail to > execute since we cannot impersonate the user. > > The solution is to: > > - Prevent our code from manually setting /bin/bash in the hook scripts > - Using the su -s /bin/bash format for impersonation commands > > > Diffs > ----- > > ambari-agent/src/test/python/resource_management/TestUserResource.py > 859b111f2a057f8a4db91ef4ee6bc23ac6e948d1 > > ambari-common/src/main/python/resource_management/core/resources/accounts.py > f498db531d496f146e96bc8138d6ae76592f20e4 > ambari-common/src/main/python/resource_management/core/shell.py > a2e3af3d8ec7ac43f8077794a079f3b47b5f9a3c > > ambari-server/src/main/resources/stacks/HDP/1.3.2/hooks/before-START/files/checkForFormat.sh > d14091af2e9913964c944962425498a864e095e6 > > ambari-server/src/main/resources/stacks/HDP/1.3.2/services/GANGLIA/package/files/startRrdcached.sh > 258d178b7001754844f0b0f7bceae45bbe7f4dcf > > ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HDFS/package/files/checkForFormat.sh > d14091af2e9913964c944962425498a864e095e6 > > ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HDFS/package/scripts/hdfs_namenode.py > cb6195b3c45058e149b40056503f0b80819fefd0 > > ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HDFS/package/scripts/service_check.py > e04d68c60c13a6cd09f8152c415ea5c353f7b20e > > ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HDFS/package/scripts/utils.py > a0ac1c234e27ecf68729af954e667ae9261cecd7 > > ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HIVE/package/files/templetonSmoke.sh > 21204e664eb932a958083dca2d1c216057f7fdd9 > > ambari-server/src/main/resources/stacks/HDP/1.3.2/services/OOZIE/package/files/oozieSmoke.sh > e61bd4d3b70b5bff2bacf787c4171fb264df2e8f > > ambari-server/src/main/resources/stacks/HDP/1.3.2/services/OOZIE/package/scripts/oozie_service.py > f4cc2837dbbd780ab714c6295fe62edf0e18c19d > > ambari-server/src/main/resources/stacks/HDP/1.3.2/services/ZOOKEEPER/package/files/zkService.sh > 32dfce464aad7fca831bd55aaa1d48fec18bbce6 > > ambari-server/src/main/resources/stacks/HDP/1.3.2/services/ZOOKEEPER/package/files/zkSmoke.sh > c1c11b4286b947d0b891f193ed08512a66003db9 > > ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-START/files/checkForFormat.sh > 9036ab230f6ae351921a38fdd654ece2bde8e758 > > ambari-server/src/main/resources/stacks/HDP/2.0.6/services/GANGLIA/package/files/startRrdcached.sh > 262f716ba45d284bea722205c26bd2e9a87e050a > > ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HDFS/package/files/checkForFormat.sh > c9a3828a664cbae36a46a4995d9c051cb93f0114 > > ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HDFS/package/scripts/hdfs_namenode.py > 68cf4fd2ff60df83966be2c2095d4d8e38dc7b71 > > ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HDFS/package/scripts/service_check.py > f30a2c51493fa2c80b50db726518af69c32a93ad > > ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HDFS/package/scripts/utils.py > 6eba10220c1a58dd9ba713b14be9864af05f16e8 > > ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/package/files/templetonSmoke.sh > 2d07b8b813f80b972e5039af601e9ac626cbc331 > > ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/files/oozieSmoke2.sh > 6446e15feb5c9b9bc0a895f231d7a0c36c3646c3 > > ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/oozie_service.py > 041c2cddaa211d1fffd860ac179b7a8e473cd187 > > ambari-server/src/main/resources/stacks/HDP/2.0.6/services/ZOOKEEPER/package/files/zkService.sh > a5c7c8bbca6ebdbcb9e15a1eb7a5e93986921af1 > > ambari-server/src/main/resources/stacks/HDP/2.0.6/services/ZOOKEEPER/package/files/zkSmoke.sh > 02cc996a0082d6e03123bba89f94716cb198b4ff > ambari-server/src/test/python/stacks/1.3.2/HDFS/test_datanode.py > 70127b83854c4fd017c54496289e85a74d29aebf > ambari-server/src/test/python/stacks/1.3.2/HDFS/test_namenode.py > 7cc4a1faeed30840b16664adde106700fe042497 > ambari-server/src/test/python/stacks/1.3.2/HDFS/test_service_check.py > 7c089a5dbf2a2cc8966c5553e1c6e8b658c459ad > ambari-server/src/test/python/stacks/1.3.2/HDFS/test_snamenode.py > 50065e4e5f951de1af37c41987d78f85e841dccc > ambari-server/src/test/python/stacks/1.3.2/OOZIE/test_oozie_server.py > ccfea3d798d6df4d4c028a0b2938eb12eec92326 > ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py > c9e638bd7371a2fb0be67de9a875b215ea7eb288 > ambari-server/src/test/python/stacks/2.0.6/HDFS/test_journalnode.py > 9d4e9dbdd88cfaee789cad476b664e5aeb6c01d3 > ambari-server/src/test/python/stacks/2.0.6/HDFS/test_namenode.py > bf26877c3dbfa57c2c76cc602a67702581aa807a > ambari-server/src/test/python/stacks/2.0.6/HDFS/test_service_check.py > 38f04ab8d738f93c0332f892c81a343b4e7adcc5 > ambari-server/src/test/python/stacks/2.0.6/HDFS/test_snamenode.py > a675b335589166a73595547bd6caa52a9d7ca441 > ambari-server/src/test/python/stacks/2.0.6/HDFS/test_zkfc.py > be8d3821fd10f8468b8c0d40b082ec865217da4f > ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_server.py > b720a2de6b89e499a578b9beedb1546fbd762ef3 > > Diff: https://reviews.apache.org/r/26443/diff/ > > > Testing > ------- > > I performed a full install of my cluster and verified that initially all > users were created with /bin/bash. I changed their login shell to > /bin/nologin and then attempted to stop all services. I verified that this > fails. I then updated the appropriate scripts and agents. The following items > were then tested successfully: > > - Stopping all services > - Start all services > - Running all smoke tests > > I then verified that all hadoop users were still set to /bin/nologin > > [INFO] Rat check: Summary of files. Unapproved: 0 unknown: 0 generated: 0 > approved: 41 licence. > [INFO] > ------------------------------------------------------------------------ > [INFO] Reactor Summary: > [INFO] > [INFO] Ambari Main ........................................ SUCCESS [ 2.609 > s] > [INFO] Apache Ambari Project POM .......................... SUCCESS [ 0.307 > s] > [INFO] Ambari Web ......................................... SUCCESS [ 18.079 > s] > [INFO] Ambari Views ....................................... SUCCESS [ 1.714 > s] > [INFO] Ambari Admin View .................................. SUCCESS [ 8.838 > s] > [INFO] Ambari Server ...................................... SUCCESS [22:55 > min] > [INFO] Ambari Agent ....................................... SUCCESS [ 6.777 > s] > [INFO] Ambari Client ...................................... SUCCESS [ 0.024 > s] > [INFO] Ambari Python Client ............................... SUCCESS [ 0.269 > s] > [INFO] Ambari Groovy Client ............................... SUCCESS [ 9.943 > s] > [INFO] Ambari Shell ....................................... SUCCESS [ 0.033 > s] > [INFO] Ambari Python Shell ................................ SUCCESS [ 0.036 > s] > [INFO] Ambari Groovy Shell ................................ SUCCESS [ 6.721 > s] > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 23:51 min > [INFO] Finished at: 2014-10-08T00:37:52-04:00 > [INFO] Final Memory: 48M/247M > [INFO] > ------------------------------------------------------------------------ > > > Thanks, > > Jonathan Hurley > >
