diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c index 04d0232..edfd25f 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c @@ -684,8 +684,9 @@ struct passwd* check_user(const char *user) { return NULL; } char **banned_users = get_values(BANNED_USERS_KEY); - char **banned_user = (banned_users == NULL) ? + banned_users = banned_users == NULL ? (char**) DEFAULT_BANNED_USERS : banned_users; + char **banned_user = banned_users; for(; *banned_user; ++banned_user) { if (strcmp(*banned_user, user) == 0) { free(user_info); diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test-container-executor.c hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test-container-executor.c index 7f08e06..be6cc49 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test-container-executor.c +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test-container-executor.c @@ -89,15 +89,19 @@ void run(const char *cmd) { } } -int write_config_file(char *file_name) { +int write_config_file(char *file_name, int banned) { FILE *file; file = fopen(file_name, "w"); if (file == NULL) { printf("Failed to open %s.\n", file_name); return EXIT_FAILURE; } - fprintf(file, "banned.users=bannedUser\n"); - fprintf(file, "min.user.id=500\n"); + if (banned != 0) { + fprintf(file, "banned.users=bannedUser\n"); + fprintf(file, "min.user.id=500\n"); + } else { + fprintf(file, "min.user.id=0\n"); + } fprintf(file, "allowed.system.users=allowedUser,daemon\n"); fclose(file); return 0; @@ -385,7 +389,7 @@ void test_delete_user() { char buffer[100000]; sprintf(buffer, "%s/test.cfg", app_dir); - if (write_config_file(buffer) != 0) { + if (write_config_file(buffer, 1) != 0) { exit(1); } @@ -745,7 +749,7 @@ int main(int argc, char **argv) { exit(1); } - if (write_config_file(TEST_ROOT "/test.cfg") != 0) { + if (write_config_file(TEST_ROOT "/test.cfg", 1) != 0) { exit(1); } read_config(TEST_ROOT "/test.cfg"); @@ -817,6 +821,16 @@ int main(int argc, char **argv) { seteuid(0); // test_delete_user must run as root since that's how we use the delete_as_user test_delete_user(); + free_configurations(); + + printf("\nTrying banned default user()\n"); + if (write_config_file(TEST_ROOT "/test.cfg", 0) != 0) { + exit(1); + } + + read_config(TEST_ROOT "/test.cfg"); + username = "bin"; + test_check_user(); run("rm -fr " TEST_ROOT); printf("\nFinished tests\n"); diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestLinuxContainerExecutor.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestLinuxContainerExecutor.java index 7417f69..8749e9d 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestLinuxContainerExecutor.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestLinuxContainerExecutor.java @@ -294,6 +294,45 @@ public void testContainerLaunch() throws IOException { assertEquals(appSubmitter, fileStatus.getOwner()); } + //need to create user mapred first before run this test + @Test + public void testBannedUser() throws Exception { + FileContext files = FileContext.getLocalFSFileContext(); + Path workSpacePath = new Path(workSpace.getAbsolutePath()); + System.out.println("workspacepath="+workSpacePath.toString()); + files.mkdir(workSpacePath, null, true); + FileUtil.chmod(workSpace.getAbsolutePath(), "777"); + File localDir = new File(workSpace.getAbsoluteFile(), "localDir"); + files.mkdir(new Path(localDir.getAbsolutePath()), + new FsPermission("777"), false); + files.mkdir(new Path(new File(localDir,"usercache").getAbsolutePath()), + new FsPermission("777"), false); + File logDir = new File(workSpace.getAbsoluteFile(), "logDir"); + files.mkdir(new Path(logDir.getAbsolutePath()), + new FsPermission("777"), false); + String exec_path = System.getProperty("container-executor.path"); + if(exec_path != null && !exec_path.isEmpty()) { + Configuration conf = new Configuration(); + LOG.info("Setting "+YarnConfiguration.NM_LINUX_CONTAINER_EXECUTOR_PATH + +"="+exec_path); + conf.set(YarnConfiguration.NM_LINUX_CONTAINER_EXECUTOR_PATH, exec_path); + conf.set(YarnConfiguration.NM_NONSECURE_MODE_LOCAL_USER_KEY,"mapred"); + exec = new LinuxContainerExecutor(); + exec.setConf(conf); + conf.set(YarnConfiguration.NM_LOCAL_DIRS, localDir.getAbsolutePath()); + conf.set(YarnConfiguration.NM_LOG_DIRS, logDir.getAbsolutePath()); + dirsHandler = new LocalDirsHandlerService(); + dirsHandler.init(conf); + } + appSubmitter ="mapred"; + if (!shouldRun()) { + return; + } + File touchFile = new File(workSpace, "touch-file"); + int ret = runAndBlock("touch", touchFile.getAbsolutePath()); + assertEquals(255, ret); + } + @Test public void testContainerKill() throws Exception { if (!shouldRun()) {