ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Fernandez" <afernan...@hortonworks.com>
Subject Re: Review Request 29482: Distributed keytab files have the incorrect owner and group access controls
Date Tue, 30 Dec 2014 17:57:52 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29482/#review66385
-----------------------------------------------------------

Ship it!


Ship It!

- Alejandro Fernandez


On Dec. 30, 2014, 12:24 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/29482/
> -----------------------------------------------------------
> 
> (Updated Dec. 30, 2014, 12:24 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Andrew Onischuk, Jaimin Jetly, Sid Wagle,
and Yusaku Sako.
> 
> 
> Bugs: AMBARI-8941
>     https://issues.apache.org/jira/browse/AMBARI-8941
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Distributed keytab files have the incorrect owner and group access controls.  Keytab
files have the following (generally incorrect) ACLs:
> 
> ```
> -rw-r---- 1 root root
> ```
> 
> ACLs should be applied as indicated by the Kerberos descriptor
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json fcbd669 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/KERBEROS/package/scripts/kerberos_common.py
42e195c 
>   ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py 6bb29cb 
> 
> Diff: https://reviews.apache.org/r/29482/diff/
> 
> 
> Testing
> -------
> 
> Manually tested and viewed file system in test cluster:
> ```
> # ls -ltr /etc/security/keytabs
> total 40
> -r--r----- 1 root      hadoop 413 Dec 30 12:05 spnego.service.keytab
> -r--r----- 1 ambari-qa hadoop 313 Dec 30 12:05 smokeuser.headless.keytab
> -r--r----- 1 hdfs      hadoop 288 Dec 30 12:05 hdfs.headless.keytab
> -r-------- 1 hdfs      hadoop 814 Dec 30 12:05 nn.service.keytab
> -r-------- 1 hdfs      hadoop 814 Dec 30 12:05 dn.service.keytab
> -r-------- 1 mapred    hadoop 819 Dec 30 12:05 jhs.service.keytab
> -r-------- 1 yarn      hadoop 824 Dec 30 12:05 yarn.service.keytab
> -r-------- 1 yarn      hadoop 814 Dec 30 12:05 nm.service.keytab
> -r-------- 1 yarn      hadoop 814 Dec 30 12:05 rm.service.keytab
> -r-------- 1 zookeeper hadoop 438 Dec 30 12:05 zk.service.keytab
> ```
> 
> Updated units tests for Kerbero Client `stacks/2.2/KERBEROS/test_kerberos_client.py`,
test ran successfully:
> 
> ```
> test_configure_cross_realm_trust (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_managed_kdc (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_unmanaged_ad (test_kerberos_client.TestKerberosClient) ... ok
> test_configure_unmanaged_kdc (test_kerberos_client.TestKerberosClient) ... ok
> test_get_property (test_kerberos_client.TestKerberosClient) ... ok
> test_set_keytab (test_kerberos_client.TestKerberosClient) ... ok
> ```
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message