[
https://issues.apache.org/jira/browse/HADOOP-13673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15801942#comment-15801942
]
Allen Wittenauer edited comment on HADOOP-13673 at 1/5/17 5:25 PM:
-------------------------------------------------------------------
-03:
* if the su operation isn't expected to return, then callers must do their own
exec or exit or whatever. This ends up being a lot simpler than adding a param
that will likely be false.
* abs MYNAME so that if the command given is a relative path, we can su
correctly. e.g., as root calling "hadoop/bin/hdfs namenode" would fail since
su would try to call hadoop/bin/hdfs which was no longer the correct path
At this point, I think everything is working and this should get reviewed.
was (Author: aw):
-03:
* if the su operation isn't expected to return, then callers must do their own
exec or exit or whatever. This ends up being a lot simpler than adding a param
that will likely be false.
* abs MYNAME so that if the command given is a relative path, we can su
correct. e.g., as root calling "hadoop/bin/hdfs namenode" would fail since su
would try to call hadoop/bin/hdfs which was no longer the correct path
At this point, I think everything is working and this should get reviewed.
> Update scripts to be smarter when running with privilege
> --------------------------------------------------------
>
> Key: HADOOP-13673
> URL: https://issues.apache.org/jira/browse/HADOOP-13673
> Project: Hadoop Common
> Issue Type: Bug
> Components: scripts
> Affects Versions: 3.0.0-alpha1, 3.0.0-alpha2
> Reporter: Allen Wittenauer
> Assignee: Allen Wittenauer
> Labels: security
> Attachments: HADOOP-13673.00.patch, HADOOP-13673.01.patch,
> HADOOP-13673.02.patch, HADOOP-13673.03.patch
>
>
> As work continues on HADOOP-13397, it's become evident that we need better
> hooks to start daemons as specifically configured users. Via the
> (command)_(subcommand)_USER environment variables in 3.x, we actually have a
> standardized way to do that. This in turn means we can make the sbin scripts
> super functional with a bit of updating:
> * Consolidate start-dfs.sh and start-secure-dns.sh into one script
> * Make start-\*.sh and stop-\*.sh know how to switch users when run as root
> * Undeprecate start/stop-all.sh so that it could be used as root for
> production purposes and as a single user for non-production users
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
