> On 四月 7, 2017, 1:42 p.m., Colm O hEigeartaigh wrote:
> > Did you verify it works also with the default (solr) value for the group?
Yes, $SOLR_USER and $SOLR_GROUP can be set to the same value(solr).
The main problem is the following script:
id $SOLR_USER &> /dev/null
if [ $? -ne 0 ]; then
echo "`date`|INFO|Creating user $SOLR_USER"
groupadd $SOLR_USER 2> /dev/null
useradd -g $SOLR_USER $SOLR_USER 2>/dev/null
fi
When $SOLR_USER does not exist, then create group $SOLR_USER and user
$SOLR_USER whose group is $SOLR_USER.
But if user $SOLR_USER has already exist, then the group $SOLR_USER will not be
created,
(Such as we create group hadoop instead of creating group solr,
and create user solr whose group is hadoop manually),
so the Linux system would not have the group which name is $SOLR_USER,
it wolud result in invalid group error when executing the following script:
sudo chown -R $SOLR_USER:$SOLR_USER $SOLR_INSTALL_FOLDER
So this patch fixed the above bug.
And it can support the case where the user name is different with the user
group.
- Qiang
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56490/#review171344
---
On 四月 7, 2017, 10:10 a.m., Qiang Zhang wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56490/
> ---
>
> (Updated 四月 7, 2017, 10:10 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Gautam
> Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan
> Periasamy.
>
>
> Bugs: RANGER-1369
> https://issues.apache.org/jira/browse/RANGER-1369
>
>
> Repository: ranger
>
>
> Description
> ---
>
> #Description:
> There are some logic defects in the following
> script(/security-admin/contrib/solr_for_audit_setup/setup.sh):
> sudo chown -R $SOLR_USER:$SOLR_USER $SOLR_INSTALL_FOLDER
> set_ownership $SOLR_USER $SOLR_USER $SOLR_INSTALL_FOLDER
> It will cause invalid group error if the group does not exist.
> And these logics do not support the case where the user name is different
> with the user group.
> We should use SOLR_GROUP to resolve these logic defects. The new code is as
> following:
> sudo chown -R $SOLR_USER:$SOLR_GROUP $SOLR_INSTALL_FOLDER
> set_ownership $SOLR_USER $SOLR_GROUP $SOLR_INSTALL_FOLDER
> And set a value for SOLR_GROUP alone.
>
>
> Diffs
> -
>
> security-admin/contrib/solr_for_audit_setup/install.properties fc9955d
> security-admin/contrib/solr_for_audit_setup/setup.sh 41a51d8
>
>
> Diff: https://reviews.apache.org/r/56490/diff/2/
>
>
> Testing
> ---
>
> #Test Result:
> 1.Configure install.properties of solr_for_audit_setup:
> SOLR_USER=solr
> SOLR_GROUP=hadoop
> SOLR_INSTALL=false
> SOLR_DEPLOYMENT=standalone
> 2.Execute the script setup.sh of solr_for_audit_setup as root success
> 3.Start Solr and Ranger-Admin(use slor for audit) success
>
>
> Thanks,
>
> Qiang Zhang
>
>