incubator-ambari-commits mailing list archives

From ey...@apache.org
Subject svn commit: r1182173 - in /incubator/ambari/trunk: CHANGES.txt agent/src/main/python/ambari_agent/FileUtil.py agent/src/main/python/ambari_agent/shell.py
Date Wed, 12 Oct 2011 02:06:03 GMT
Author: eyang
Date: Wed Oct 12 02:06:02 2011
New Revision: 1182173

URL: http://svn.apache.org/viewvc?rev=1182173&view=rev
Log:
AMBARI-60. Added permission check for RUN_ACTION, and WRITE_FILE_ACTION. (Eric Yang)

Modified:
    incubator/ambari/trunk/CHANGES.txt
    incubator/ambari/trunk/agent/src/main/python/ambari_agent/FileUtil.py
    incubator/ambari/trunk/agent/src/main/python/ambari_agent/shell.py

Modified: incubator/ambari/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/CHANGES.txt?rev=1182173&r1=1182172&r2=1182173&view=diff
==============================================================================
--- incubator/ambari/trunk/CHANGES.txt (original)
+++ incubator/ambari/trunk/CHANGES.txt Wed Oct 12 02:06:02 2011
@@ -2,6 +2,8 @@ Ambari Change log
 
 Release 0.1.0 - unreleased
 
+  AMBARI-60. Added permission check for RUN_ACTION, and WRITE_FILE_ACTION. (Eric Yang)
+
   AMBARI-61. Rename cluster REST API. (vgogate)
 
   AMBARI-59. Refactor to use clusterRevision instead of bluePrintName and 

Modified: incubator/ambari/trunk/agent/src/main/python/ambari_agent/FileUtil.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/agent/src/main/python/ambari_agent/FileUtil.py?rev=1182173&r1=1182172&r2=1182173&view=diff
==============================================================================
--- incubator/ambari/trunk/agent/src/main/python/ambari_agent/FileUtil.py (original)
+++ incubator/ambari/trunk/agent/src/main/python/ambari_agent/FileUtil.py Wed Oct 12 02:06:02
2011
@@ -20,23 +20,30 @@ limitations under the License.
 
 from pwd import getpwnam
 from grp import getgrnam
+import logging
+import logging.handlers
 import getpass
 import os, errno
 import sys, traceback
 
+logger = logging.getLogger()
+
 def writeFile(action, result):
   fileInfo = action['file']
   try:
     user=fileInfo['owner']
-    if isinstance(user, int)!=True:
-      user=getpwnam(user)[2]
     group=fileInfo['group']
-    if isinstance(group, int)!=True:
-      group=getgrnam(group)[2]
-    permission=int(fileInfo['permission'])
-    umask=int(fileInfo['umask'])
     filename=fileInfo['path']
     content=fileInfo['data']
+    try:
+      if isinstance(user, int)!=True:
+        user=getpwnam(user)[2]
+      if isinstance(group, int)!=True:
+        group=getgrnam(group)[2]
+    except Exception:
+      logger.warn("can not find user uid/gid: (%s/%s) for writing %s" % (user, group, filename))
+    permission=int(fileInfo['permission'])
+    umask=int(fileInfo['umask'])
     oldMask = os.umask(0)
     os.umask(int(umask))
     prefix = os.path.dirname(filename)
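Review bot: When the `getpwnam`/`getgrnam` lookup in the new inner `try` fails, the code only logs a warning and carries on with `user`/`group` still holding the unresolved names, so the file is written anyway. A root agent then passes a string to `os.chown` after the content is already on disk, and a non-root agent (where the next hunk skips the chown) reports success although the requested owner does not exist. Treat a failed lookup as a failed action: catch `KeyError` rather than `Exception` and re-raise, or set a non-zero `result['exitCode']` and return, before anything is written. writeFile's body continues past this hunk, so how the outer `try` reports errors is not visible here.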
@@ -50,8 +57,9 @@ def writeFile(action, result):
     f = open(filename, 'w')
     f.write(content)
     f.close()
-    os.chmod(filename, permission)
-    os.chown(filename, user, group)
+    if os.getuid()==0:
+      os.chmod(filename, permission)
+      os.chown(filename, user, group)
     os.umask(oldMask)
     result['exitCode'] = 0
     return result
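Review bot: The new `if os.getuid()==0:` guard also skips `os.chmod`, which needs no root privilege on a file the process has just created, so a non-root agent leaves the file with whatever mode the umask produced and still sets `result['exitCode'] = 0`. When the requested permission is restrictive (key or credential files), that is a silent weakening. Keep `os.chmod(filename, permission)` unconditional and put only `os.chown(filename, user, group)` under the root check. The content is also written before the mode is applied, so creating the file with its final mode would close that window. The function starts and ends outside this hunk.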

Modified: incubator/ambari/trunk/agent/src/main/python/ambari_agent/shell.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/agent/src/main/python/ambari_agent/shell.py?rev=1182173&r1=1182172&r2=1182173&view=diff
==============================================================================
--- incubator/ambari/trunk/agent/src/main/python/ambari_agent/shell.py (original)
+++ incubator/ambari/trunk/agent/src/main/python/ambari_agent/shell.py Wed Oct 12 02:06:02
2011
@@ -18,6 +18,8 @@ See the License for the specific languag
 limitations under the License.
 '''
 
+from pwd import getpwnam
+from grp import getgrnam
 import logging
 import logging.handlers
 import subprocess
@@ -33,16 +35,34 @@ logger = logging.getLogger()
 class shellRunner:
   # Run any command
   def run(self, script, user=None):
+    oldUid = os.getuid()
+    try:
+      if user!=None:
+        user=getpwnam(user)[2]
+        os.setuid(user)
+    except Exception:
+      logger.warn("can not switch user for RUN_COMMAND.")
     code = 0
     cmd = " "
     cmd = cmd.join(script)
     p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True,
close_fds=True)
     out, err = p.communicate()
     code = p.wait()
+    try:
+      if user!=None:
+        os.setuid(oldUid)
+    except Exception:
+      logger.warn("can not restore user for RUN_COMMAND.")
     return {'exitCode': code, 'output': out, 'error': err}
 
   # dispatch action types
   def runAction(self, clusterId, component, role, user, command, cleanUpCommand, result):
+    oldUid = os.getuid()
+    try:
+      user=getpwnam(user)[2]
+      os.setuid(user)
+    except Exception:
+      logger.warn("%s %s %s can not switch user for RUN_ACTION." % (clusterId, component,
role))
     code = 0
     cmd = sys.executable
     tempfilename = tempfile.mktemp()
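Review bot: `os.setuid(user)` in `run()` and `runAction()` changes the identity of the agent process itself. When the agent runs as root, that call replaces the real, effective and saved uid, so the later `os.setuid(oldUid)` cannot succeed and the agent stays as the first requested user. The `except Exception` branches also fail open: a failed lookup or switch is only logged, the command still runs under whatever identity the agent has, and the group and supplementary groups are never changed. Resolve the account before spawning, let a failed lookup abort the action, and drop group and user in the child via `preexec_fn` so the parent is untouched. The same block is repeated for `runAction` here and for `startProcess` in the following hunks; `runAction`'s body continues outside this hunk.

```python
  def run(self, script, user=None):
    dropPrivileges = None
    if user!=None:
      pw = getpwnam(user)   # KeyError propagates: no fallback to the agent's own uid
      def dropPrivileges():
        # executed in the child between fork and exec; groups first, uid last
        os.setgroups([])
        os.setgid(pw[3])
        os.setuid(pw[2])
    cmd = " ".join(script)
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True,
                         close_fds=True, preexec_fn=dropPrivileges)
    # ... unchanged: communicate(), wait() and the returned dict ...
```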
@@ -78,11 +98,21 @@ class shellRunner:
       cleanUpResult['exitCode'] = cleanUpCode
       result['cleanUpResult'] = cleanUpResult
       os.unlink(tempfilename)
+    try:
+      os.setuid(oldUid)
+    except Exception:
+      logger.warn("%s %s %s can not restore user for RUN_ACTION." % (clusterId, component,
role))
     return result
 
   # Start a process and presist its state
   def startProcess(self, clusterId, clusterDefinitionRevision, component, role, script, user,
result):
     global serverTracker
+    oldUid = os.getuid()
+    try:
+      user=getpwnam(user)[2]
+      os.setuid(user)
+    except Exception:
+      logger.warn("%s %s %s can not switch user for START_ACTION." % (clusterId, component,
role))
     code = 0
     commandResult = {}
     process = clusterId+"/"+clusterDefinitionRevision+"/"+component+"/"+role
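Review bot: The switch added to `startProcess` (like the one in `runAction` in the previous hunk) calls `getpwnam(user)` without the `user!=None` guard that `run()` has. A missing user therefore raises `TypeError`, which `except Exception` swallows, and the warning records neither the requested account nor the error. An operator reading the agent log cannot tell a mistyped user name from a denied `setuid`. Narrow the handler and log both, e.g. `except (KeyError, OSError) as e:` with `logger.warn("%s %s %s can not switch to user %s for START_ACTION: %s" % (clusterId, component, role, user, e))`. `startProcess` continues past the end of this hunk.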
@@ -104,6 +134,10 @@ class shellRunner:
         serverTracker[process] = child_pid
         commandResult['exitCode'] = 0
       result['commandResult'] = commandResult
+    try:
+      os.setuid(oldUid)
+    except Exception:
+      logger.warn("%s %s %s can not restore user for START_ACTION." % (clusterId, component,
role))
     return result
 
   # Stop a process and remove presisted state


