ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Onischuk" <aonis...@hortonworks.com>
Subject Review Request 35514: ambari-agent 2.0.1 overwrites /etc/sudoers.d/ambar-agent if it is exists
Date Tue, 16 Jun 2015 13:42:24 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35514/
-----------------------------------------------------------

Review request for Ambari and Dmitro Lisnichenko.


Bugs: AMBARI-11947
    https://issues.apache.org/jira/browse/AMBARI-11947


Repository: ambari


Description
-------

PROBLEM: There are several issues related to the Ambari-Agent and the
/etc/sudoers file. Below are the issues:

1) Installation of the ambari-agent rpm should _not_ overwrite /etc/sudoers.d
/ambari-agent if it exists as it does now

2) The presence of a Defaults directive after any other directive in a sudoers
config stream is not honored. If /etc/sudoers.d/* files are included after a
non-Defaults directive in the main /etc/sudoers file, the Defaults entries in
any of the included files will not apply. Where #include directives are
specified in /etc/sudoers is highly site dependent. The file as added by the
rpm contains:

Defaults:root !requiretty

3) Warnings are being suppressed indiscriminately for all root sudo commands
on an entire system. Customer suggestion is that Ambari should not be running
commands as root, but as other HW users e.g.:

sudo -u hadoop <command>  
sudo -u hbase <ccommand>

BUSINESS IMPACT: The #include derivatives are highly site dependent for the
customer. This is a development environment.


Diffs
-----

  ambari-agent/conf/unix/install-helper.sh 5552d3c 
  ambari-agent/etc/sudoers.d/ambari-agent 1663152 
  ambari-agent/pom.xml b2690b0 

Diff: https://reviews.apache.org/r/35514/diff/


Testing
-------

mvn clean test


Thanks,

Andrew Onischuk


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message