From f2d146665c78fedd09027ba624aa5b5180bc7f33 Mon Sep 17 00:00:00 2001 From: Wenjun Ruan Date: Wed, 29 Nov 2023 16:28:39 +0800 Subject: [PATCH] Use chown to set the file owner (#15240) --- .../common/utils/FileUtils.java | 35 +++++++++---------- .../utils/TaskExecutionCheckerUtils.java | 19 +++++----- 2 files changed, 28 insertions(+), 26 deletions(-) diff --git a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java index 513da9b48e..abbfdbfcd3 100644 --- a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java +++ b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java @@ -25,8 +25,6 @@ import static org.apache.dolphinscheduler.common.constants.Constants.RESOURCE_VI import static org.apache.dolphinscheduler.common.constants.Constants.UTF_8; import static org.apache.dolphinscheduler.common.constants.DateConstants.YYYYMMDDHHMMSS; -import org.apache.dolphinscheduler.common.constants.TenantConstants; - import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.SystemUtils; @@ -37,15 +35,12 @@ import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.nio.charset.StandardCharsets; -import java.nio.file.FileSystems; import java.nio.file.Files; import java.nio.file.NoSuchFileException; import java.nio.file.Path; import java.nio.file.attribute.FileAttribute; import java.nio.file.attribute.PosixFilePermission; import java.nio.file.attribute.PosixFilePermissions; -import java.nio.file.attribute.UserPrincipal; -import java.nio.file.attribute.UserPrincipalLookupService; import java.util.Set; import java.util.zip.CRC32; import java.util.zip.CheckedInputStream; @@ -328,19 +323,23 @@ public class FileUtils { return crcString; } - public static void setFileOwner(Path path, String tenant) { - try { - if (TenantConstants.DEFAULT_TENANT_CODE.equals(tenant)) { - log.debug("The current tenant: {} is the default tenant, no need to set the owner for file: {}", tenant, - path); - return; - } - UserPrincipalLookupService userPrincipalLookupService = - FileSystems.getDefault().getUserPrincipalLookupService(); - UserPrincipal tenantPrincipal = userPrincipalLookupService.lookupPrincipalByName(tenant); - Files.setOwner(path, tenantPrincipal); - } catch (IOException e) { - log.error("Set file: {} owner to: {} failed", path, tenant, e); + public static void setFileOwner(Path filePath, String fileOwner) throws InterruptedException, IOException { + // We use linux command to set the file owner, since jdk api will not use sudo. + String command = String.format("sudo chown %s %s", fileOwner, filePath.toString()); + Runtime.getRuntime().exec(command); + Process process = Runtime.getRuntime().exec(command); + if (0 != process.waitFor()) { + throw new RuntimeException("Set file: " + filePath + " to owner: " + fileOwner + " failed"); + } + } + + public static void setDirectoryOwner(Path filePath, String fileOwner) throws IOException, InterruptedException { + // We use linux command to set the file owner, since jdk api will not use sudo. + String command = String.format("sudo chown -R %s %s", fileOwner, filePath.toString()); + Runtime.getRuntime().exec(command); + Process process = Runtime.getRuntime().exec(command); + if (0 != process.waitFor()) { + throw new RuntimeException("Set directory: " + filePath + " to owner: " + fileOwner + " failed"); } } diff --git a/dolphinscheduler-worker/src/main/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionCheckerUtils.java b/dolphinscheduler-worker/src/main/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionCheckerUtils.java index 4b9a5e0cee..322e16bc2b 100644 --- a/dolphinscheduler-worker/src/main/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionCheckerUtils.java +++ b/dolphinscheduler-worker/src/main/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionCheckerUtils.java @@ -92,8 +92,9 @@ public class TaskExecutionCheckerUtils { taskExecutionContext.setAppInfoPath(FileUtils.getAppInfoPath(execLocalPath)); Path executePath = Paths.get(taskExecutionContext.getExecutePath()); FileUtils.createDirectoryIfNotPresent(executePath); - if (OSUtils.isSudoEnable()) { - FileUtils.setFileOwner(executePath, taskExecutionContext.getTenantCode()); + if (OSUtils.isSudoEnable() + && !TenantConstants.DEFAULT_TENANT_CODE.equals(taskExecutionContext.getTenantCode())) { + FileUtils.setDirectoryOwner(executePath, taskExecutionContext.getTenantCode()); } } catch (Throwable ex) { throw new TaskException("Cannot create process execute dir", ex); @@ -129,18 +130,20 @@ public class TaskExecutionCheckerUtils { try { String fullName = fileDownload.getLeft(); String fileName = fileDownload.getRight(); - log.info("get resource file from path:{}", fullName); long resourceDownloadStartTime = System.currentTimeMillis(); - storageOperate.download(actualTenant, fullName, execLocalPath + File.separator + fileName, true); - if (OSUtils.isSudoEnable()) { - FileUtils.setFileOwner(Paths.get(execLocalPath, fileName), + + Path localFileAbsolutePath = Paths.get(execLocalPath, fileName); + storageOperate.download(actualTenant, fullName, localFileAbsolutePath.toString(), true); + log.info("Download resource file {} under: {} successfully", fileName, localFileAbsolutePath); + if (OSUtils.isSudoEnable() && !TenantConstants.DEFAULT_TENANT_CODE.equals(tenant)) { + FileUtils.setFileOwner(localFileAbsolutePath, taskExecutionContext.getTenantCode()); + log.info("Set file {} owner to {} successfully", localFileAbsolutePath, taskExecutionContext.getTenantCode()); } WorkerServerMetrics .recordWorkerResourceDownloadTime(System.currentTimeMillis() - resourceDownloadStartTime); - WorkerServerMetrics.recordWorkerResourceDownloadSize( - Files.size(Paths.get(execLocalPath, fileName))); + WorkerServerMetrics.recordWorkerResourceDownloadSize(Files.size(localFileAbsolutePath)); WorkerServerMetrics.incWorkerResourceDownloadSuccessCount(); } catch (Exception e) { WorkerServerMetrics.incWorkerResourceDownloadFailureCount();