AMBARI-4111. RMF Fix Execute user attribute to work like su does

(aonishuk)

ambari-agent/src/main/python/resource_management/core/providers/system.py

@@ -208,10 +208,6 @@ def _preexec_fn(resource):
       gid = _coerce_gid(resource.group)
       os.setgid(gid)
       os.setegid(gid)
-    if resource.user:
-      uid = _coerce_uid(resource.user)
-      os.setuid(uid)
-      os.seteuid(uid)
 
   return preexec
 
@@ -234,7 +230,7 @@ class ExecuteProvider(Provider):
       try:
         shell.checked_call(self.resource.command, logoutput=self.resource.logoutput,
                             cwd=self.resource.cwd, env=self.resource.environment,
-                            preexec_fn=_preexec_fn(self.resource))
+                            preexec_fn=_preexec_fn(self.resource), user=self.resource.user)
         break
       except Fail as ex:
         if i == self.resource.tries-1: # last try

ambari-agent/src/main/python/resource_management/core/shell.py

@@ -30,16 +30,16 @@ from exceptions import Fail
 log = logging.getLogger("resource_management.provider")
 
 def checked_call(command, logoutput=False, 
-         cwd=None, env=None, preexec_fn=None):
-  return _call(command, logoutput, True, cwd, env, preexec_fn)
+         cwd=None, env=None, preexec_fn=None, user=None):
+  return _call(command, logoutput, True, cwd, env, preexec_fn, user)
 
 def call(command, logoutput=False, 
-         cwd=None, env=None, preexec_fn=None):
-  return _call(command, logoutput, False, cwd, env, preexec_fn)
+         cwd=None, env=None, preexec_fn=None, user=None):
+  return _call(command, logoutput, False, cwd, env, preexec_fn, user)
   
 
 def _call(command, logoutput=False, throw_on_failure=True, 
-         cwd=None, env=None, preexec_fn=None):
+         cwd=None, env=None, preexec_fn=None, user=None):
   """
   Execute shell command
   
@@ -54,7 +54,10 @@ def _call(command, logoutput=False, throw_on_failure=True,
   if isinstance(command, (list, tuple)):
     command = ' '.join(pipes.quote(x) for x in command)
 
-  command = ["/bin/bash","--login","-c", command]
+  if user:
+    command = ["su", "-", user, "-c", command]
+  else:
+    command = ["/bin/bash","--login","-c", command]
 
   proc = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                           cwd=cwd, env=env, shell=False,

ambari-server/src/main/resources/stacks/HDP/2.0._/services/OOZIE/package/scripts/oozie_service.py

@@ -7,7 +7,7 @@ def oozie_service(action = 'start'): # 'start' or 'stop'
   no_op_test = format("ls {pid_file} >/dev/null 2>&1 && ps `cat {pid_file}` >/dev/null 2>&1")
   
   if action == 'start':
-    start_cmd = format("su - {oozie_user} -c  'cd {oozie_tmp_dir} && /usr/lib/oozie/bin/oozie-start.sh'")
+    start_cmd = format("cd {oozie_tmp_dir} && /usr/lib/oozie/bin/oozie-start.sh")
     
     if params.jdbc_driver_name == "com.mysql.jdbc.Driver" or params.jdbc_driver_name == "oracle.jdbc.driver.OracleDriver":
       db_connection_check_command = format("{java_home}/bin/java -cp {check_db_connection_jar}:{jdbc_driver_jar} org.apache.ambari.server.DBConnectionVerification {oozie_jdbc_connection_url} {oozie_metastore_user_name} {oozie_metastore_user_passwd} {jdbc_driver_name}")
@@ -32,7 +32,8 @@ def oozie_service(action = 'start'): # 'start' or 'stop'
     )
     
     Execute( start_cmd,
-      not_if  = no_op_test
+      user = params.oozie_user,
+      not_if  = no_op_test,
     )
   elif action == 'stop':
     stop_cmd  = format("su - {oozie_user} -c  'cd {oozie_tmp_dir} && /usr/lib/oozie/bin/oozie-stop.sh' && rm -f {pid_file}")

ambari-server/src/main/resources/stacks/HDP/2.0._/services/YARN/package/scripts/service.py

@@ -41,10 +41,10 @@ def service(
   cmd = format("export HADOOP_LIBEXEC_DIR={hadoop_libexec_dir} && {daemon} --config {config_dir}")
 
   if action == 'start':
-    daemon_cmd = format("su - {usr} -c '{cmd} start {name}'")
+    daemon_cmd = format("{cmd} start {name}")
     no_op = format("ls {pid_file} >/dev/null 2>&1 && ps `cat {pid_file}` >/dev/null 2>&1")
     Execute(daemon_cmd,
-            #user=usr,      #Fix execution from user
+            user=usr,
             not_if=no_op
     )