AMBARI-18526. Ambari breaks sudo and user access if Ambari Agent misconfigured (dlysnichenko)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/cceb7d2d Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/cceb7d2d Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/cceb7d2d Branch: refs/heads/branch-dev-patch-upgrade Commit: cceb7d2d3eb8359e3a25a7c9eec5c92516f28097 Parents: 49c9660 Author: Lisnichenko Dmitro <dlysniche...@hortonworks.com> Authored: Thu Oct 6 19:57:25 2016 +0300 Committer: Lisnichenko Dmitro <dlysniche...@hortonworks.com> Committed: Thu Oct 6 19:57:25 2016 +0300 ---------------------------------------------------------------------- ambari-agent/conf/unix/ambari-agent | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/cceb7d2d/ambari-agent/conf/unix/ambari-agent ---------------------------------------------------------------------- diff --git a/ambari-agent/conf/unix/ambari-agent b/ambari-agent/conf/unix/ambari-agent index ccb0b7a..30897dd 100755 --- a/ambari-agent/conf/unix/ambari-agent +++ b/ambari-agent/conf/unix/ambari-agent @@ -39,6 +39,17 @@ get_agent_property() { echo $value } +valid_path() { + value=${1:?} + value=$(readlink -m ${value}) + if [ "$value" == "/" ]; then + echo "path $1 not valid" 1>&2 + exit 1 + fi + echo $value +} + + export PATH=/usr/sbin:/sbin:/usr/lib/ambari-server/*:$PATH export AMBARI_CONF_DIR=/etc/ambari-server/conf:$PATH @@ -46,8 +57,14 @@ export AMBARI_CONF_DIR=/etc/ambari-server/conf:$PATH export PYTHONPATH=/usr/lib/python2.6/site-packages:${PYTHONPATH:-} export AMBARI_PID_DIR=`get_agent_property piddir` +export AMBARI_PID_DIR=`valid_path "${AMBARI_PID_DIR:?}"` +export AMBARI_PID_DIR="${AMBARI_PID_DIR:?}" export AMBARI_AGENT_LOG_DIR=`get_agent_property logdir` +export AMBARI_AGENT_LOG_DIR=`valid_path "${AMBARI_AGENT_LOG_DIR:?}"` +export AMBARI_AGENT_LOG_DIR="${AMBARI_AGENT_LOG_DIR:?}" KEYSDIR=`get_agent_property keysdir` +KEYSDIR=`valid_path "${KEYSDIR:?}"` +KEYSDIR="${KEYSDIR:?}" AMBARI_AGENT=ambari-agent PYTHON_WRAP=/usr/bin/ambari-python-wrap