Google Git
Sign in
apache / hadoop-mapreduce / 0a163e29fcbcfb8fbf0e67f0aeb96880fecd4d71^! / .
commit0a163e29fcbcfb8fbf0e67f0aeb96880fecd4d71[log] [tgz]
authorEli Collins <eli@apache.org>Fri May 13 22:06:36 2011 +0000
committerEli Collins <eli@apache.org>Fri May 13 22:06:36 2011 +0000
tree8d16c3b54e576ff07aa00c2b39c3af9bc5d7980f
parent683b1a29066df74468dd4d5d068d2a9b0f5f14e1 [diff]
MAPREDUCE-2103. task-controller shouldn't require o-r permissions. Contributed by Todd Lipcon


git-svn-id: https://svn.apache.org/repos/asf/hadoop/mapreduce/trunk@1102908 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES.txt b/CHANGES.txt
index d8af240..ba636d9 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt

@@ -382,6 +382,9 @@
     MAPREDUCE-2222. Ivy resolve force mode should be turned off by default.
     (Luke Lu via tomwhite)
 
+    MAPREDUCE-2103. task-controller shouldn't require o-r permissions.
+    (todd via eli)
+
   OPTIMIZATIONS
 
     MAPREDUCE-1354. Enhancements to JobTracker for better performance and

diff --git a/src/c++/task-controller/main.c b/src/c++/task-controller/main.c
index 2d1af9e..216417e 100644
--- a/src/c++/task-controller/main.c
+++ b/src/c++/task-controller/main.c

@@ -49,8 +49,8 @@
  * promisable. For this, we need task-controller binary to
  *    * be user-owned by root
  *    * be group-owned by a configured special group.
- *    * others do not have any permissions
- *    * be setuid/setgid
+ *    * others do not have write or execute permissions
+ *    * be setuid
  */
 int check_taskcontroller_permissions(char *executable_file) {
 
@@ -99,19 +99,18 @@
     return -1;
   }
   
-  // check others do not have read/write/execute permissions
-  if ((filestat.st_mode & S_IROTH) == S_IROTH || (filestat.st_mode & S_IWOTH)
-      == S_IWOTH || (filestat.st_mode & S_IXOTH) == S_IXOTH) {
+  // check others do not have write/execute permissions
+  if ((filestat.st_mode & S_IWOTH) == S_IWOTH ||
+      (filestat.st_mode & S_IXOTH) == S_IXOTH) {
     fprintf(LOGFILE,
-      "The task-controller binary should not have read or write or execute for others.\n");
+      "The task-controller binary should not have write or execute for others.\n");
     return -1;
   }
 
-  // Binary should be setuid/setgid executable
-  if ((filestat.st_mode & S_ISUID) != S_ISUID || (filestat.st_mode & S_ISGID)
-      != S_ISGID) {
-    fprintf(LOGFILE,
-        "The task-controller binary should be set setuid and setgid bits.\n");
+  // Binary should be setuid executable
+  if ((filestat.st_mode & S_ISUID) != S_ISUID) {
+     fprintf(LOGFILE,
+        "The task-controller binary should be set setuid.\n");
     return -1;
   }