Jiayi Liu created RANGER-2671:
---------------------------------
Summary: Running the setup.sh in usersync a second time will
change the permissions and owner of hadoop core-site.xml
Key: RANGER-2671
URL: https://issues.apache.org/jira/browse/RANGER-2671
Project: Ranger
Issue Type: Bug
Components: usersync
Affects Versions: 1.2.0, 2.0.0
Reporter: Jiayi Liu
If we run setup.sh in usersync a second time, the setup.py will change the
permissions to 644 and owner to ranger:ranger of hadoop core-site.xml. This
will affect other software that needs to read core-site.xml, for example,
hiveserver2 will fail to start because it does not have permission to read
core-site.xml. Ranger should never change the permission or ownership of
core-site.xml in hadoop conf dir.
The reason why the permissions and owner of core-site.xml are modified is
because the following code in setup.py
{code:python}
for dir in fixPermList:
for root, dirs, files in os.walk(dir):
os.chown(root, ownerId, groupId)
os.chmod(root, 0755)
for obj in dirs:
dn = join(root, obj)
os.chown(dn, ownerId, groupId)
os.chmod(dn, 0755)
for obj in files:
fn = join(root, obj)
os.chown(fn, ownerId, groupId)
os.chmod(fn, 0750)
{code}
If we run setup.sh in usersync a second time, there will be a soft link of
core-site.xml in /etc/ranger/usersync/conf. In the for loop, it will traverse
to /etc/ranger/usersync/conf/core-site.xml, and use os.chown and os.chmod to
change the permisson and ownership. We should unlink the soft link of
core-site.xml before this for loop.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
