[oozie] branch master updated: OOZIE-3478 Oozie needs execute permission on the submitting users home directory (asalamon74 via gezapeti, pbacsko, kmarton)

[kmarton]

This is an automated email from the ASF dual-hosted git repository.

kmarton pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/oozie.git


The following commit(s) were added to refs/heads/master by this push:
     new aa21911  OOZIE-3478 Oozie needs execute permission on the submitting 
users home directory (asalamon74 via gezapeti, pbacsko, kmarton)
aa21911 is described below

commit aa219119439a808491bcc649f83ee7376d543641
Author: Julia Kinga Marton <kmar...@apache.org>
AuthorDate: Tue May 7 09:41:55 2019 +0200

    OOZIE-3478 Oozie needs execute permission on the submitting users home 
directory (asalamon74 via gezapeti, pbacsko, kmarton)
---
 .../oozie/action/hadoop/JavaActionExecutor.java    | 22 +++++++++++++++++-----
 release-log.txt                                    |  1 +
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git 
a/core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java 
b/core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java
index df3fbb2..ec45fe4 100644
--- a/core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java
+++ b/core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java
@@ -33,6 +33,7 @@ import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.UnknownHostException;
 import java.nio.ByteBuffer;
+import java.security.PrivilegedExceptionAction;
 import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -96,6 +97,7 @@ import org.apache.oozie.service.HadoopAccessorService;
 import org.apache.oozie.service.Services;
 import org.apache.oozie.service.ShareLibService;
 import org.apache.oozie.service.URIHandlerService;
+import org.apache.oozie.service.UserGroupInformationService;
 import org.apache.oozie.service.WorkflowAppService;
 import org.apache.oozie.util.ClasspathUtils;
 import org.apache.oozie.util.ELEvaluationException;
@@ -1205,7 +1207,7 @@ public class JavaActionExecutor extends ActionExecutor {
                                                                     final 
WorkflowAction action,
                                                                     final 
Credentials credentials,
                                                                     final 
Element actionXml)
-            throws IOException, HadoopAccessorException, URISyntaxException {
+            throws IOException, HadoopAccessorException, URISyntaxException, 
InterruptedException {
 
         ApplicationSubmissionContext appContext = 
Records.newRecord(ApplicationSubmissionContext.class);
 
@@ -1223,9 +1225,20 @@ public class JavaActionExecutor extends ActionExecutor {
 
         final String user = actionContext.getWorkflow().getUser();
         // Set the resources to localize
-        Map<String, LocalResource> localResources = new HashMap<String, 
LocalResource>();
-        
ClientDistributedCacheManager.determineTimestampsAndCacheVisibilities(launcherJobConf);
-        MRApps.setupDistributedCache(launcherJobConf, localResources);
+        Map<String, LocalResource> localResources = new HashMap<>();
+        // Executing code inside a doAs so we don't need execute permission 
for oozie user
+        // on the home directory of the submitting user
+        final UserGroupInformationService ugiService = 
Services.get().get(UserGroupInformationService.class);
+        final UserGroupInformation ugi = ugiService.getProxyUser(user);
+        ugi.doAs(new PrivilegedExceptionAction<Object>() {
+            public Object run() throws Exception {
+                setEnvironmentVariables(launcherJobConf, amContainer);
+                
ClientDistributedCacheManager.determineTimestampsAndCacheVisibilities(launcherJobConf);
+                MRApps.setupDistributedCache(launcherJobConf, localResources);
+                return null;
+            }
+        });
+
         // Add the Launcher and Action configs as Resources
         HadoopAccessorService has = 
Services.get().get(HadoopAccessorService.class);
         launcherJobConf.set(LauncherAM.OOZIE_SUBMITTER_USER, user);
@@ -1237,7 +1250,6 @@ public class JavaActionExecutor extends ActionExecutor {
         localResources.put(LauncherAM.ACTION_CONF_XML, actionConfLR);
         amContainer.setLocalResources(localResources);
 
-        setEnvironmentVariables(launcherJobConf, amContainer);
 
         List<String> vargs = createCommand(launcherJobConf, actionContext);
         setJavaOpts(launcherJobConf, actionXml, vargs);
diff --git a/release-log.txt b/release-log.txt
index 7abf8ae..adfe81d 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
 -- Oozie 5.2.0 release (trunk - unreleased)
 
+OOZIE-3478 Oozie needs execute permission on the submitting users home 
directory (asalamon74 via gezapeti, pbacsko, kmarton)
 OOZIE-3393 Add Oozie instrumentation delayed metric in 
CoordMaterializeTriggerService (zuston via asalamon74)
 OOZIE-3477 Fix parameter checking in 
WorkflowStore.getWorkflowCountWithStatusInLastNSeconds (zuston via asalamon74)
 OOZIE-3470 PurgeXCommand coordActionDel variable assignment should be 
standardized (zuston via asalamon74)