OOZIE-3478 Oozie needs execute permission on the submitting users home directory (asalamon74 via gezapeti, pbacsko, kmarton)
diff --git a/core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java b/core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java
index df3fbb2..ec45fe4 100644
--- a/core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java
+++ b/core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java
@@ -33,6 +33,7 @@
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
+import java.security.PrivilegedExceptionAction;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
@@ -96,6 +97,7 @@
import org.apache.oozie.service.Services;
import org.apache.oozie.service.ShareLibService;
import org.apache.oozie.service.URIHandlerService;
+import org.apache.oozie.service.UserGroupInformationService;
import org.apache.oozie.service.WorkflowAppService;
import org.apache.oozie.util.ClasspathUtils;
import org.apache.oozie.util.ELEvaluationException;
@@ -1205,7 +1207,7 @@
final WorkflowAction action,
final Credentials credentials,
final Element actionXml)
- throws IOException, HadoopAccessorException, URISyntaxException {
+ throws IOException, HadoopAccessorException, URISyntaxException, InterruptedException {
ApplicationSubmissionContext appContext = Records.newRecord(ApplicationSubmissionContext.class);
@@ -1223,9 +1225,20 @@
final String user = actionContext.getWorkflow().getUser();
// Set the resources to localize
- Map<String, LocalResource> localResources = new HashMap<String, LocalResource>();
- ClientDistributedCacheManager.determineTimestampsAndCacheVisibilities(launcherJobConf);
- MRApps.setupDistributedCache(launcherJobConf, localResources);
+ Map<String, LocalResource> localResources = new HashMap<>();
+ // Executing code inside a doAs so we don't need execute permission for oozie user
+ // on the home directory of the submitting user
+ final UserGroupInformationService ugiService = Services.get().get(UserGroupInformationService.class);
+ final UserGroupInformation ugi = ugiService.getProxyUser(user);
+ ugi.doAs(new PrivilegedExceptionAction<Object>() {
+ public Object run() throws Exception {
+ setEnvironmentVariables(launcherJobConf, amContainer);
+ ClientDistributedCacheManager.determineTimestampsAndCacheVisibilities(launcherJobConf);
+ MRApps.setupDistributedCache(launcherJobConf, localResources);
+ return null;
+ }
+ });
+
// Add the Launcher and Action configs as Resources
HadoopAccessorService has = Services.get().get(HadoopAccessorService.class);
launcherJobConf.set(LauncherAM.OOZIE_SUBMITTER_USER, user);
@@ -1237,7 +1250,6 @@
localResources.put(LauncherAM.ACTION_CONF_XML, actionConfLR);
amContainer.setLocalResources(localResources);
- setEnvironmentVariables(launcherJobConf, amContainer);
List<String> vargs = createCommand(launcherJobConf, actionContext);
setJavaOpts(launcherJobConf, actionXml, vargs);
diff --git a/release-log.txt b/release-log.txt
index 7abf8ae..adfe81d 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
-- Oozie 5.2.0 release (trunk - unreleased)
+OOZIE-3478 Oozie needs execute permission on the submitting users home directory (asalamon74 via gezapeti, pbacsko, kmarton)
OOZIE-3393 Add Oozie instrumentation delayed metric in CoordMaterializeTriggerService (zuston via asalamon74)
OOZIE-3477 Fix parameter checking in WorkflowStore.getWorkflowCountWithStatusInLastNSeconds (zuston via asalamon74)
OOZIE-3470 PurgeXCommand coordActionDel variable assignment should be standardized (zuston via asalamon74)
