Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.4.0
-
None
Description
While working on Ambari installation using Vagrant I found following issues that can be potentially dangerous and destroy sudo and /home permissions
Steps to reproduce:
Remove or misconfigure following configs from ambari-agent.ini file:
[agent] logdir=/var/log/ambari-agent piddir=/var/run/ambari-agent
Start ambari agent. Note that log, pid, and out want to be written to /. Everything fails and sudo is destroyed as well as /home for all users. Sudo user will not be able to connect to cluster using private key due to permissions and folder ownership switch to root.
[root@ambari-slave1 vagrant]# id uid=0(root) gid=0(root) groups=0(root) [root@ambari-slave1 vagrant]# ambari-agent start chown: changing ownership of `/proc/12937': Operation not permitted chown: changing ownership of `/proc/12938/task/12938': Operation not permitted chown: changing ownership of `/proc/12938': Operation not permitted chown: changing ownership of `/proc/12941/task/12941': Operation not permitted chown: changing ownership of `/proc/12941': Operation not permitted chown: changing ownership of `/proc/12942/task/12942/fd/4': No such file or directory chown: changing ownership of `/proc/12942/task/12942/fdinfo/4': No such file or directory chown: changing ownership of `/proc/12942/task/12942': Operation not permitted chown: changing ownership of `/proc/12942/fd/4': No such file or directory chown: changing ownership of `/proc/12942/fdinfo/4': No such file or directory chown: changing ownership of `/proc/12942': Operation not permitted Starting ambari-agent Verifying ambari-agent process status... Ambari Agent successfully started Agent PID at: /ambari-agent.pid Agent out at: /ambari-agent.out Agent log at: /ambari-agent.log
Sticky bit is removed from sudo as result of it
[root@ambari-slave1 vagrant]# ls -l /usr/bin/sudo ---x--x--x. 1 root root 123832 Oct 15 2014 /usr/bin/sudo
it should be:
[root@ambari-slave2 vagrant]# ls -l /usr/bin/sudo ---s--x--x. 1 root root 123832 Oct 15 2014 /usr/bin/sudo
All user folder is messed up as owned by root
[root@ambari-slave1 vagrant]# ls -ld /home/ drwxr-xr-x. 3 root root 4096 Mar 9 2016 /home/ [root@ambari-slave1 vagrant]# ls -ld /home/vagrant drwx------ 3 root root 4096 Sep 27 22:16 /home/vagrant
sudo is broken:
[root@ambari-slave1 vagrant]# id uid=0(root) gid=0(root) groups=0(root) [root@ambari-slave1 vagrant]# exit exit [vagrant@ambari-slave1 ~]$ sudo su sudo: effective uid is not 0, is sudo installed setuid root?
this is caused due to by function in /usr/sbin/ambari-agent
get_agent_property() { property_name="$1" value=$(awk -F "=" "/$property_name/ {print \$2}" /etc/ambari-agent/conf/ambari-agent.ini) echo $value }
Attachments
Attachments
Issue Links
- links to