[
https://issues.apache.org/jira/browse/AMBARI-17857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15389719#comment-15389719
]
Birender Saini commented on AMBARI-17857:
-----------------------------------------
[~paulcodding] Can you comment on the design / changes below ?
Following changes needs to be made -
- Add a flag in .ini file to indicate which interface to use for executing
commands as super user
- Add ambari-pbrun.sh (for both ambari server and ambari agent) : Implement
logic to run commands using pbrun
- We should also add a higher level abstraction script -
ambari-run-as-superuser.sh : Executes sudo or pbrun script depending on the
flag in .ini file.
- Change all instances in Ambari code that use - amber-sudo.sh to
ambari-run-as-superuser.sh
> Support PowerBroker for non-root installations
> ----------------------------------------------
>
> Key: AMBARI-17857
> URL: https://issues.apache.org/jira/browse/AMBARI-17857
> Project: Ambari
> Issue Type: Improvement
> Components: ambari-agent, ambari-server
> Reporter: Paul Codding
> Labels: security
>
> In some environments PowerBroker is preferred over sudo. It's desired to
> support PowerBroker for both the Ambari Server and Ambari Agents, so each can
> run as a non-root user and have PowerBroker used to escalate priviliges when
> required.
> A suggestion is to add new configuration in the Ambari Server's
> /etc/ambari-server/conf/ambari.properties to allow users to choose between
> using sudo, or pbrun, and make sure scripts such as ambari-sudo.sh (for agent
> and server) are updated to use that configuration when deciding which command
> to run, and syntax to use when escalating privileges.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
