
[Feature-#5128]Support turning off sudo permissions (#5129)

* [Feature-#5128]Support turning off sudo permissions

* [Feature-#5128] without sudo permission do not create tenant user
guohaozhang há 4 anos atrás
pai
commit
a6a1b94df4

+ 5 - 0
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/Constants.java

@@ -155,6 +155,11 @@ public final class Constants {
     public static final String DEVELOPMENT_STATE = "development.state";
     public static final String DEVELOPMENT_STATE_DEFAULT_VALUE = "true";
 
+    /**
+     * sudo enable
+     */
+    public static final String SUDO_ENABLE = "sudo.enable";
+
     /**
      * string true
      */

+ 7 - 0
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/CommonUtils.java

@@ -68,6 +68,13 @@ public class CommonUtils {
         return PropertyUtils.getBoolean(Constants.DEVELOPMENT_STATE, true);
     }
 
+    /**
+     * @return sudo enable
+     */
+    public static boolean isSudoEnable() {
+        return PropertyUtils.getBoolean(Constants.SUDO_ENABLE, true);
+    }
+
     /**
      * if upload resource is HDFS and kerberos startup is true , else false
      *
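Review bot: The Javadoc on `isSudoEnable()` (`@return sudo enable`) does not say what a false value means for callers, and the `sudo.enable` comment in common.properties has the same gap. Judging by the other files in this commit, false makes the worker skip `sudo -u <tenant>` and run task commands under the worker's own OS account, so tasks from different tenants are no longer separated by OS user. I would state that here, e.g. `@return true if commands are wrapped in sudo -u <tenantCode>; false if they run as the deploy user (no per-tenant OS isolation)`, and add a matching sentence to the properties comment so operators see the trade-off before changing the default.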

+ 7 - 3
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/OSUtils.java

@@ -22,12 +22,12 @@ import org.apache.dolphinscheduler.common.shell.ShellExecutor;
 
 import org.apache.commons.configuration.Configuration;
 
-import java.lang.management.OperatingSystemMXBean;
 import java.io.BufferedReader;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.lang.management.ManagementFactory;
+import java.lang.management.OperatingSystemMXBean;
 import java.lang.management.RuntimeMXBean;
 import java.math.RoundingMode;
 import java.text.DecimalFormat;
@@ -406,13 +406,17 @@ public class OSUtils {
     }
 
     /**
-     *  get sudo command
+     * get sudo command
+     *
      * @param tenantCode tenantCode
      * @param command command
      * @return result of sudo execute command
      */
     public static String getSudoCmd(String tenantCode, String command) {
-        return StringUtils.isEmpty(tenantCode) ? command : "sudo -u " + tenantCode + " " + command;
+        if (!CommonUtils.isSudoEnable() || StringUtils.isEmpty(tenantCode)) {
+            return command;
+        }
+        return String.format("sudo -u %s %s", tenantCode, command);
     }
 
     /**
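Review bot: `getSudoCmd` formats `tenantCode` straight into a command string (`String.format("sudo -u %s %s", tenantCode, command)`), and nothing in this hunk constrains what the tenant code may contain. How the returned string is executed is not visible here, but if it is handed to a shell, whitespace or metacharacters in the tenant code would alter the command. I would validate it before formatting, for example by throwing `IllegalArgumentException` unless it matches a conservative account-name pattern such as `^[A-Za-z_][A-Za-z0-9_-]*$` (an illustrative pattern, to be aligned with whatever the tenant-creation path enforces). Separately, with `sudo.enable=false` the method silently returns the bare command, so every caller runs it as the worker account; the `@return` line should say so.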

+ 3 - 0
dolphinscheduler-common/src/main/resources/common.properties

@@ -76,3 +76,6 @@ datasource.encryption.salt=!@#$%^&*
 
 # Network IP gets priority, default inner outer
 #dolphin.scheduler.network.priority.strategy=default
+
+# use sudo or not, if set true ,executing user is tenant user and deploy user need sudo permissions ; if set false, executing user is the deploy user, don't need sudo permissions.
+sudo.enable=true

+ 2 - 1
dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/worker/processor/TaskExecuteProcessor.java

@@ -20,6 +20,7 @@ package org.apache.dolphinscheduler.server.worker.processor;
 import org.apache.dolphinscheduler.common.enums.Event;
 import org.apache.dolphinscheduler.common.enums.ExecutionStatus;
 import org.apache.dolphinscheduler.common.enums.TaskType;
+import org.apache.dolphinscheduler.common.utils.CommonUtils;
 import org.apache.dolphinscheduler.common.utils.DateUtils;
 import org.apache.dolphinscheduler.common.utils.FileUtils;
 import org.apache.dolphinscheduler.common.utils.JSONUtils;
@@ -147,7 +148,7 @@ public class TaskExecuteProcessor implements NettyRequestProcessor {
         FileUtils.taskLoggerThreadLocal.set(taskLogger);
         try {
             FileUtils.createWorkDirIfAbsent(execLocalPath);
-            if (workerConfig.getWorkerTenantAutoCreate()) {
+            if (CommonUtils.isSudoEnable() && workerConfig.getWorkerTenantAutoCreate()) {
                 OSUtils.createUserIfAbsent(taskExecutionContext.getTenantCode());
             }
         } catch (Throwable ex) {

+ 8 - 5
dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/worker/task/AbstractCommandExecutor.java

@@ -25,6 +25,7 @@ import org.apache.dolphinscheduler.common.Constants;
 import org.apache.dolphinscheduler.common.enums.ExecutionStatus;
 import org.apache.dolphinscheduler.common.thread.Stopper;
 import org.apache.dolphinscheduler.common.thread.ThreadUtils;
+import org.apache.dolphinscheduler.common.utils.CommonUtils;
 import org.apache.dolphinscheduler.common.utils.HadoopUtils;
 import org.apache.dolphinscheduler.common.utils.LoggerUtils;
 import org.apache.dolphinscheduler.common.utils.OSUtils;
@@ -84,7 +85,7 @@ public abstract class AbstractCommandExecutor {
      * log list
      */
     protected final List<String> logBuffer;
-    
+
     protected boolean logOutputIsScuccess = false;
 
     /**
@@ -134,9 +135,11 @@ public abstract class AbstractCommandExecutor {
         processBuilder.redirectErrorStream(true);
 
         // setting up user to run commands
-        command.add("sudo");
-        command.add("-u");
-        command.add(taskExecutionContext.getTenantCode());
+        if (CommonUtils.isSudoEnable()) {
+            command.add("sudo");
+            command.add("-u");
+            command.add(taskExecutionContext.getTenantCode());
+        }
         command.add(commandInterpreter());
         command.addAll(commandOptions());
         command.add(commandFile);
@@ -595,4 +598,4 @@ public abstract class AbstractCommandExecutor {
     public void setTaskResultString(String taskResultString) {
         this.taskResultString = taskResultString;
     }
-}
+}
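Review bot: In the hunk at `// setting up user to run commands`, the new guard checks only the flag, whereas `OSUtils.getSudoCmd` in this same commit also checks for an empty tenant code. If `getTenantCode()` returns null while sudo is enabled, a null element goes into `command`, and if that list is what the `ProcessBuilder` runs (presumably, the wiring is outside the hunk) `start()` rejects it with a NullPointerException. I would fail the task explicitly with a clear message in that case rather than fall back to the worker account. When the flag is off, the task runs as the worker process's user and the tenant code is ignored without any trace. An info-level log line through the class's existing logger, e.g. `"sudo disabled: task runs as worker user, tenantCode {} ignored"`, would keep the audit trail accurate. The enclosing method starts and ends outside the hunk.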