(impala) 03/03: IMPALA-13937: Use simpler chmod syntax to set +t on /var/tmp in Docker build

Fri, 09 May 2025 08:51:25 -0700 

This is an automated email from the ASF dual-hosted git repository.

laszlog pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git

commit cc703b3c3a5876fcf42b91e939aef687bd58b81b
Author: Laszlo Gaal <[email protected]>
AuthorDate: Mon Apr 7 21:29:07 2025 +0200

    IMPALA-13937: Use simpler chmod syntax to set +t on /var/tmp in Docker build
    
    Some Docker base images contain basic Unix utilities implemented by
    Busybox instead of the usual linux-coreutils package. The chmod command
    in the Busybox implementation seems to ignore certain syntax variants:
    the current invocation for setting the sticky bit (+t) on /var/tmp got
    silently ignored, while chmod indicated success, returning 0 to the
    calling script.
    
    This patch changes the chmod call to a slightly simple syntax, which was
    tested to be understood by Busybox and coreutils both; and adds a simple
    inline check to assert that the directories required by Kerberos
    - exist
    - and have the required ownership and permission structure.
    
    The assertion fails the Docker build if setting up /tmp and /var/tmp in
    a Kerberos-compatible way did not succeed.
    
    Change-Id: I20c52dc70fb73337efcd6d12652bf99c3c473ff9
    Reviewed-on: http://gerrit.cloudera.org:8080/22811
    Reviewed-by: Peter Rozsa <[email protected]>
    Tested-by: Impala Public Jenkins <[email protected]>
---
 docker/install_os_packages.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/docker/install_os_packages.sh b/docker/install_os_packages.sh
index c8949c247..acdb04dc3 100755
--- a/docker/install_os_packages.sh
+++ b/docker/install_os_packages.sh
@@ -288,7 +288,11 @@ fi
 # the sticky bit (i.e. +t). Some versions of Redhat UBI images do not have
 # this set by default, so specifically set the sticky bit for both /tmp and 
/var/tmp.
 mkdir -p /var/tmp
-chmod a=rwx,o+t /var/tmp /tmp
+chmod a=rwxt /var/tmp /tmp
+# The busybox implementation of chmod is known to ignore certain chmod syntax 
variations,
+# so check if the directories actually have the correct permissions
+diff <(stat -c '%u %g %a'  /tmp) - <<<'0 0 1777'
+diff <(stat -c '%u %g %a'  /var/tmp) - <<<'0 0 1777'
 
 # To minimize the size for the Docker image, clean up any unnecessary files.
 if [[ $DISTRIBUTION == Ubuntu ]]; then

Reply via email to