[Fix-16918][Task] Fix wrong permissions configuration while executing shell #16923
Conversation
BruceWong96
requested review from
caishunfeng,
SbloodyS and
ruanwenjun
as code owners
BruceWong96
changed the title
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java
Outdated
Show resolved
Hide resolved
| @@ -51,6 +52,9 @@ public static void createTaskInstanceWorkingDirectory(TaskExecutionContext taskE | |||
| taskInstanceWorkingDirectory); | |||
| } | |||
| FileUtils.createDirectoryWith755(Paths.get(taskInstanceWorkingDirectory)); | |||
| final Path taskInstanceWorkingDirectoryPath = Paths.get(taskInstanceWorkingDirectory); | |||
There was a problem hiding this comment.
If we change to 775 and make bootstrap user has the same group with tenant, then tenant will have permission to create file at working directory.
There was a problem hiding this comment.
If we change to
775and make bootstrap user has the same group with tenant, then tenant will have permission to create file at working directory.
So, can i create a function createDirectoryWith775() and call it here ?
There was a problem hiding this comment.
I think we can. cc @caishunfeng, @SbloodyS
There was a problem hiding this comment.
I'm ok with this. If we change the task instance working directory to 775, we should add it to the installation docs to tell users add tenant to ds user's group.
There was a problem hiding this comment.
@SbloodyS
Which part of the document should I update?
Also, please review the code i just committed.
Thanks.
There was a problem hiding this comment.
There was a problem hiding this comment.
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java
Outdated
Show resolved
Hide resolved
|
You should run |
SbloodyS
changed the title
Finished. Thanks. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java
Fixed
Show fixed
Hide fixed
|
@caishunfeng @EricGao888 PTAL. |
| } else { | ||
| Path parent = path.getParent(); | ||
| if (parent != null && !parent.toFile().exists()) { | ||
| createDirectoryWith755(parent); |
There was a problem hiding this comment.
| createDirectoryWith755(parent); | |
| createDirectoryWith775(parent); |
Can we unify the method createDirectoryWith755 ? these two method has the same logic.
We can create a new method createDirectory(@nonnull Path path, Set permissions);
There was a problem hiding this comment.
Finished, thanks for your advice. PATL. @ruanwenjun
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java
Show resolved
Hide resolved
| @@ -289,6 +268,29 @@ | |||
| } | |||
| } | |||
|
|
|||
| public static void createDirectoryWithPermission(@NonNull Path path, | |||
| @NonNull Set<PosixFilePermission> permissions) throws IOException { | |||
| if (path.toFile().exists()) { | |||
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
| Files.createDirectories(path); | ||
| } else { | ||
| Path parent = path.getParent(); | ||
| if (parent != null && !parent.toFile().exists()) { |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
| } | ||
|
|
||
| try { | ||
| Files.createDirectory(path); |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
| Files.createDirectory(path); | ||
| Files.setPosixFilePermissions(path, permissions); | ||
| } catch (FileAlreadyExistsException fileAlreadyExistsException) { | ||
| log.error("The directory: {} already exists", path); |
Check failure
Code scanning / CodeQL
Log Injection High
|
Purpose of the pull request
close #16918
Brief change log
Verify this pull request
This pull request is code cleanup without any test coverage.
(or)
This pull request is already covered by existing tests, such as (please describe tests).
(or)
This change added tests and can be verified as follows:
(or)
Pull Request Notice
Pull Request Notice
If your pull request contain incompatible change, you should also add it to
docs/docs/en/guide/upgrede/incompatible.md