> On May 24, 2017, 3:37 p.m., Robert Levas wrote:
> > This update will create a security issue.  We need to ensure that an admin 
> > user is only created once via this script.  This should occur during the 
> > *first* call to `ambari-server setup` - which is expected to be done by a 
> > system administrator - ideally `root`.  After that, `ambari-server` may be 
> > executed by another user, if an alternate user is set to execute Ambari. 
> > 
> > If a non-administrative user can execute `ambari-server setup` and that 
> > user is allowed to set or update users in the Ambari database (without 
> > first being authenticated by Ambari), then users other than Ambari 
> > Administrators can effectively manage Ambari users. We should not allow 
> > this to happen.
> > 
> > I think that if we want to allow this feature, we need to first query the 
> > Ambari database to see if there is already a user with administrator 
> > privileges.  If not, then the setup script should be allowed to create the 
> > first Ambari Administrator account. If one exists, then the setup script 
> > should not be allowed to create new or update existing users in the 
> > database. Because `org.apache.ambari.server.controller.CreateUserHelper` is 
> > an executable class, the check needs to be done there to ensure OS-level 
> > users with the ability to read this class do not gain the ability to create 
> > (and possibly update) Ambari user accounts while by-passing needed 
> > authorization checks.

Thank you, Robert, for your suggestions.

I have modified the implementation so that the first time ambari-server 
setup is run, the admin user gets created and the create.admin.flag is set to 
true in ambari.properties. If the class CreateUserHelper is executed, it looks 
to see if an admin user exists and it fails there, so the users cannot be 
modified/created just by executing the class later. Even if the 
create.admin.flag in ambari.properties is switched to false and ambari-server 
setup is run, a new admin user cannot be created, since it looks for existing 
admin users and it fails with the message "User cannot be created, Admin user 
already exists, login to Ambari UI to create/modify users".


- Anita


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59503/#review175942
-----------------------------------------------------------


On May 24, 2017, 8:40 p.m., Anita Jebaraj wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59503/
> -----------------------------------------------------------
> 
> (Updated May 24, 2017, 8:40 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, Jonathan Hurley, 
> Robert Levas, and Tim Thorpe.
> 
> 
> Bugs: AMBARI-21083
>     https://issues.apache.org/jira/browse/AMBARI-21083
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Provide the ability to create custom admin user during ambari server setup, 
> so that the user will have the option to either create the admin user with 
> the username/password of their preference or can use the default username.
> 
> 
> Diffs
> -----
> 
>   ambari-server/docs/configuration/index.md ff9ce54
>   ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java 114046f
>   ambari-server/src/main/java/org/apache/ambari/server/controller/CreateUserHelper.java PRE-CREATION
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java 9cdde8f
>   ambari-server/src/main/python/ambari_server/serverConfiguration.py 4780338
>   ambari-server/src/main/python/ambari_server/serverSetup.py c6de088
>   ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 15670f3
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 7e41399
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 4d0274f
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql cc933fa
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 5fc14d4
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 12e66f9
>   ambari-server/src/test/java/org/apache/ambari/server/controller/CreateUserHelperTest.java PRE-CREATION
> 
> 
> Diff: https://reviews.apache.org/r/59503/diff/3/
> 
> 
> Testing
> -------
> 
> Added 1 test case
> 
> 
> Ran mvn test
> 
> 
> File Attachments
> ----------------
> 
> custom_admin.PNG
>   https://reviews.apache.org/media/uploaded/files/2017/05/23/53d168bc-6c83-4acf-ae9b-74bf3fa005d3__custom_admin.PNG
> 
> 
> Thanks,
> 
> Anita Jebaraj
> 
>
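
The check discussed in this thread, sketched as an added example (not Ambari's code; the schema, table names and function names are hypothetical): whether the first administrator may be created is decided from database state inside a single write transaction, and a flag read from a properties file is ignored.

```python
import sqlite3


class AdminAlreadyExists(Exception):
    """Raised when bootstrap is attempted after an administrator exists."""


def open_db():
    # Hypothetical two-table schema, constructed for this example only.
    conn = sqlite3.connect(":memory:", isolation_level=None)  # manual transactions
    conn.executescript("""
        CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT UNIQUE NOT NULL);
        CREATE TABLE admin_grants (user_id INTEGER NOT NULL REFERENCES users(user_id));
    """)
    return conn


def admin_exists(conn):
    return conn.execute("SELECT 1 FROM admin_grants LIMIT 1").fetchone() is not None


def bootstrap_admin(conn, user_name, flag_from_properties=True):
    """Create the first administrator; refuse if any administrator exists.

    flag_from_properties stands in for a value read from a config file. It is
    accepted but deliberately ignored: anyone who can edit the file can flip
    it, so only the database state decides.
    """
    conn.execute("BEGIN IMMEDIATE")  # take the write lock before checking
    try:
        if admin_exists(conn):
            raise AdminAlreadyExists(
                "User cannot be created, Admin user already exists")
        cur = conn.execute("INSERT INTO users (user_name) VALUES (?)", (user_name,))
        conn.execute("INSERT INTO admin_grants (user_id) VALUES (?)", (cur.lastrowid,))
        conn.execute("COMMIT")
        return cur.lastrowid
    except Exception:
        conn.execute("ROLLBACK")  # leave no partial user row behind
        raise
```

Running the check and the insert in the same transaction prevents two concurrent setup runs from both seeing "no administrator" and both creating one.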
