-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52517/#review151650
-----------------------------------------------------------


ambari-agent/conf/unix/ambari-agent (lines 45 - 48)
<https://reviews.apache.org/r/52517/#comment220091>

    readlink -m can return an empty string as well


ambari-agent/conf/unix/ambari-agent (line 63)
<https://reviews.apache.org/r/52517/#comment220092>

    This should also get the valid_path treatment. Can valid_path just be part of the get_agent_property call? It looks like that function is only ever used for directory purposes anyway.


- Nate Cole


On Oct. 4, 2016, 11:33 a.m., Dmitro Lisnichenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52517/
> -----------------------------------------------------------
>
> (Updated Oct. 4, 2016, 11:33 a.m.)
>
>
> Review request for Ambari, Nate Cole and Vitalyi Brodetskyi.
>
>
> Bugs: AMBARI-18526
>     https://issues.apache.org/jira/browse/AMBARI-18526
>
>
> Repository: ambari
>
>
> Description
> -------
>
> While working on Ambari installation using Vagrant I found following issues
> that can be potentially dangerous and destroy sudo and /home permissions
>
> Steps to reproduce:
>
> Remove or misconfigure following configs from ambari-agent.ini file:
> {code}
> [agent]
> logdir=/var/log/ambari-agent
> piddir=/var/run/ambari-agent
> {code}
>
> Start ambari agent. Note that log, pid, and out want to be written to /.
> Everything fails and sudo is destroyed as well as /home for all users. Sudo
> user will not be able to connect to cluster using private key due to
> permissions and folder ownership switch to root.
>
> {code}
> [root@ambari-slave1 vagrant]# id
> uid=0(root) gid=0(root) groups=0(root)
>
> [root@ambari-slave1 vagrant]# ambari-agent start
>
> chown: changing ownership of `/proc/12937': Operation not permitted
> chown: changing ownership of `/proc/12938/task/12938': Operation not permitted
> chown: changing ownership of `/proc/12938': Operation not permitted
> chown: changing ownership of `/proc/12941/task/12941': Operation not permitted
> chown: changing ownership of `/proc/12941': Operation not permitted
> chown: changing ownership of `/proc/12942/task/12942/fd/4': No such file or directory
> chown: changing ownership of `/proc/12942/task/12942/fdinfo/4': No such file or directory
> chown: changing ownership of `/proc/12942/task/12942': Operation not permitted
> chown: changing ownership of `/proc/12942/fd/4': No such file or directory
> chown: changing ownership of `/proc/12942/fdinfo/4': No such file or directory
> chown: changing ownership of `/proc/12942': Operation not permitted
> Starting ambari-agent
> Verifying ambari-agent process status...
> Ambari Agent successfully started
> Agent PID at: /ambari-agent.pid
> Agent out at: /ambari-agent.out
> Agent log at: /ambari-agent.log
> {code}
>
> Sticky bit is removed from sudo as result of it
>
> {code}
> [root@ambari-slave1 vagrant]# ls -l /usr/bin/sudo
> ---x--x--x. 1 root root 123832 Oct 15 2014 /usr/bin/sudo
> {code}
>
> it should be:
>
> {code}
> [root@ambari-slave2 vagrant]# ls -l /usr/bin/sudo
> ---s--x--x. 1 root root 123832 Oct 15 2014 /usr/bin/sudo
> {code}
>
> All user folder is messed up as owned by root
>
> {code}
> [root@ambari-slave1 vagrant]# ls -ld /home/
> drwxr-xr-x. 3 root root 4096 Mar 9 2016 /home/
>
> [root@ambari-slave1 vagrant]# ls -ld /home/vagrant
> drwx------ 3 root root 4096 Sep 27 22:16 /home/vagrant
> {code}
>
> sudo is broken:
>
> {code}
> [root@ambari-slave1 vagrant]# id
> uid=0(root) gid=0(root) groups=0(root)
> [root@ambari-slave1 vagrant]# exit
> exit
> [vagrant@ambari-slave1 ~]$ sudo su
> sudo: effective uid is not 0, is sudo installed setuid root?
> {code}
>
> this is caused by the function in /usr/sbin/ambari-agent
>
> {code}
> get_agent_property() {
>   property_name="$1"
>   value=$(awk -F "=" "/$property_name/ {print \$2}" /etc/ambari-agent/conf/ambari-agent.ini)
>   echo $value
> }
> {code}
>
>
> Diffs
> -----
>
>   ambari-agent/conf/unix/ambari-agent ccb0b7a
>
> Diff: https://reviews.apache.org/r/52517/diff/
>
>
> Testing
> -------
>
> mvn clean test
>
>
> Thanks,
>
> Dmitro Lisnichenko
>
>
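
One way to fold the path check into the property lookup, as the review suggests (an added example, not part of this thread or of the Ambari patch): the value is validated before and after `readlink -m`, and a default is used whenever it is missing, empty, relative, or resolves to `/`. The body of `valid_path`, the name `get_agent_dir_property`, its arguments and the sample paths are assumptions; `readlink -m` assumes GNU coreutils.

```shell
# Added example, not the AMBARI-18526 patch. The valid_path body, the name
# get_agent_dir_property and its arguments are assumptions.

# Succeed only for an absolute path other than "/" itself.
valid_path() {
  case "$1" in
    ""|/) return 1 ;;   # empty or filesystem root: never chown this
    /*)   return 0 ;;
    *)    return 1 ;;   # relative path
  esac
}

# get_agent_dir_property CONF KEY DEFAULT
# Prints the directory configured for KEY in the [agent] section, or DEFAULT
# when the key is missing, empty, relative, or resolves to "/".
get_agent_dir_property() {
  conf=$1 key=$2 default=$3
  # Exact key match inside [agent]; the original /name/ regex matched any line.
  value=$(awk -F '=' -v key="$key" '
    /^[ \t]*\[/ { in_agent = ($0 ~ /^[ \t]*\[agent\]/); next }
    in_agent && NF > 1 {
      k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k)
      if (k != key) next
      v = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      print v; exit
    }' "$conf" 2>/dev/null) || value=""
  # Canonicalize, then check again: readlink -m can return an empty string,
  # and a value such as /ambari-demo/.. collapses to "/".
  if valid_path "$value"; then
    value=$(readlink -m -- "$value" 2>/dev/null) || value=""
  fi
  valid_path "$value" || value=$default
  printf '%s\n' "$value"
}

# Constructed sample configuration (not a real ambari-agent.ini).
DEMO_CONF=$(mktemp)
cat > "$DEMO_CONF" <<'EOF'
[agent]
logdir = /ambari-demo/log/./ambari-agent
piddir=
prefix=/ambari-demo/..
[other]
rundir=/ambari-demo/run
EOF
for k in logdir piddir prefix rundir; do
  printf '%s -> %s\n' "$k" "$(get_agent_dir_property "$DEMO_CONF" "$k" /ambari-demo/default)"
done
```

Only `logdir` yields its configured directory here; the other three keys fall back to the default instead of handing an empty string or `/` to a later `chown`.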
