diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c index 4fc21cb..029a9af 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c @@ -599,20 +599,28 @@ int set_user(const char *user) { * Change the ownership of the given file or directory to the new user. */ static int change_owner(const char* path, uid_t user, gid_t group) { - if (geteuid() == user && getegid() == group) { - return 0; - } else { - uid_t old_user = geteuid(); - gid_t old_group = getegid(); - if (change_effective_user(0, group) != 0) { - return -1; - } - if (chown(path, user, group) != 0) { - fprintf(LOGFILE, "Can't chown %s to %d:%d - %s\n", path, user, group, - strerror(errno)); - return -1; + uid_t old_user = geteuid(); + gid_t old_group = getegid(); + int switch_user = 1; + + if (old_user == user && old_group == group) { + switch_user = 0; + } + if (switch_user && change_effective_user(0, group) != 0) { + return -1; + } + if (chown(path, user, group) != 0) { + fprintf(LOGFILE, "Can't chown %s to %d:%d - %s\n", path, user, group, + strerror(errno)); + if (switch_user) { + change_effective_user(old_user, old_group); } + return -1; + } + if(switch_user) { return change_effective_user(old_user, old_group); + } else { + return 0; } } @@ -637,16 +645,17 @@ int create_directory_for_user(const char* path) { if (ret == 0) { if (0 == mkdir(path, permissions) || EEXIST == errno) { - // need to reassert the group sticky bit - if (chmod(path, permissions) != 0) { - fprintf(LOGFILE, "Can't chmod %s to add the sticky bit - %s\n", - path, strerror(errno)); - ret = -1; - } else if (change_owner(path, user, nm_gid) != 0) { + if (change_owner(path, user, nm_gid) != 0) { fprintf(LOGFILE, "Failed to chown %s to %d:%d: %s\n", path, user, nm_gid, strerror(errno)); ret = -1; } + // need to reassert the group sticky bit + else if (chmod(path, permissions) != 0) { + fprintf(LOGFILE, "Can't chmod %s to add the sticky bit - %s\n", + path, strerror(errno)); + ret = -1; + } } else { fprintf(LOGFILE, "Failed to create directory %s - %s\n", path, strerror(errno));