This is an automated email from the ASF dual-hosted git repository.
wenjun pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
The following commit(s) were added to refs/heads/dev by this push:
new 890376a9ee [Fix-16918][Task] Make task working directory to 775
(#16923)
890376a9ee is described below
commit 890376a9eebef74a930f41e390a8402c1f92493c
Author: Bruce Wong <[email protected]>
AuthorDate: Wed Jan 8 13:45:13 2025 +0800
[Fix-16918][Task] Make task working directory to 775 (#16923)
---
docs/docs/en/guide/security/security.md | 4 +-
docs/docs/zh/guide/security/security.md | 4 +-
.../dolphinscheduler/common/utils/FileUtils.java | 52 +++++++++++-----------
.../common/utils/FileUtilsTest.java | 6 +--
.../plugin/storage/abs/AbsStorageOperator.java | 2 +-
.../plugin/storage/cos/CosStorageOperator.java | 2 +-
.../plugin/storage/gcs/GcsStorageOperator.java | 2 +-
.../plugin/storage/obs/ObsStorageOperator.java | 2 +-
.../plugin/storage/oss/OssStorageOperator.java | 2 +-
.../plugin/storage/s3/S3StorageOperator.java | 2 +-
.../worker/utils/TaskExecutionContextUtils.java | 3 +-
.../utils/TaskExecutionContextUtilsTest.java | 2 +-
12 files changed, 45 insertions(+), 38 deletions(-)
diff --git a/docs/docs/en/guide/security/security.md
b/docs/docs/en/guide/security/security.md
index 646243a964..fe11755d2f 100644
--- a/docs/docs/en/guide/security/security.md
+++ b/docs/docs/en/guide/security/security.md
@@ -19,7 +19,9 @@ Administrator login, default username/password:
admin/dolphinscheduler123
- Tenant Code: **The tenant code is the user on Linux, unique and cannot be
repeated**
- The administrator enters the `Security Center->Tenant Management` page, and
clicks the `Create Tenant` button to create a tenant.
-> Note: Currently, only admin users can modify tenant.
+> Note:
+> 1. Currently, only admin users can modify tenant.
+> 2. If you create a tenant manually in the Linux, you need to add the
manually created tenant to the dolphinscheduler bootstrap user's group, so that
the tenant will have enough working directory permissions.
diff --git a/docs/docs/zh/guide/security/security.md
b/docs/docs/zh/guide/security/security.md
index a48954cfec..43e90fba1a 100644
--- a/docs/docs/zh/guide/security/security.md
+++ b/docs/docs/zh/guide/security/security.md
@@ -18,7 +18,9 @@
- 租户编码:**租户编码是 Linux上 的用户,唯一,不能重复**
- 管理员进入安全中心->租户管理页面,点击“创建租户”按钮,创建租户。
-> 注意:目前仅有 admin 用户可以修改租户。
+> 注意:
+> 1. 目前仅有 admin 用户可以修改租户;
+> 2. 如果您在 Linux 中手动创建一个租户,则需要将手动创建的租户添加到 dolphinscheduler
启动用户组,以便该租户拥有足够的工作目录权限。
diff --git
a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java
b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java
index 685dc63e4e..c826d713ac 100644
---
a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java
+++
b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java
@@ -62,7 +62,9 @@ public class FileUtils {
public static final String KUBE_CONFIG_FILE = "config";
- private static final Set<PosixFilePermission> PERMISSION_755 =
PosixFilePermissions.fromString("rwxr-xr-x");
+ public static final Set<PosixFilePermission> PERMISSION_755 =
PosixFilePermissions.fromString("rwxr-xr-x");
+
+ public static final Set<PosixFilePermission> PERMISSION_775 =
PosixFilePermissions.fromString("rwxrwxr-x");
/**
* get download file absolute path and name
@@ -239,7 +241,7 @@ public class FileUtils {
public static void createFileWith755(@NonNull Path path) throws
IOException {
final Path parent = path.getParent();
if (!parent.toFile().exists()) {
- createDirectoryWith755(parent);
+ createDirectoryWithPermission(parent, PERMISSION_755);
}
if (SystemUtils.IS_OS_WINDOWS) {
Files.createFile(path);
@@ -249,29 +251,6 @@ public class FileUtils {
}
}
- public static void createDirectoryWith755(@NonNull Path path) throws
IOException {
- if (path.toFile().exists()) {
- return;
- }
- if (OSUtils.isWindows()) {
- Files.createDirectories(path);
- } else {
- Path parent = path.getParent();
- if (parent != null && !parent.toFile().exists()) {
- createDirectoryWith755(parent);
- }
-
- try {
- Files.createDirectory(path);
- Files.setPosixFilePermissions(path, PERMISSION_755);
- } catch (FileAlreadyExistsException fileAlreadyExistsException) {
- // Catch the FileAlreadyExistsException here to avoid create
the same parent directory in parallel
- log.debug("The directory: {} already exists", path);
- }
-
- }
- }
-
public static void setFileTo755(File file) throws IOException {
if (OSUtils.isWindows()) {
return;
@@ -289,6 +268,29 @@ public class FileUtils {
}
}
+ public static void createDirectoryWithPermission(@NonNull Path path,
+ @NonNull
Set<PosixFilePermission> permissions) throws IOException {
+ if (path.toFile().exists()) {
+ return;
+ }
+
+ if (OSUtils.isWindows()) {
+ Files.createDirectories(path);
+ } else {
+ Path parent = path.getParent();
+ if (parent != null && !parent.toFile().exists()) {
+ createDirectoryWithPermission(parent, permissions);
+ }
+
+ try {
+ Files.createDirectory(path);
+ Files.setPosixFilePermissions(path, permissions);
+ } catch (FileAlreadyExistsException fileAlreadyExistsException) {
+ log.error("The directory: {} already exists", path);
+ }
+ }
+ }
+
public static String concatFilePath(String... paths) {
if (paths.length == 0) {
throw new IllegalArgumentException("At least one path should be
provided");
diff --git
a/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/utils/FileUtilsTest.java
b/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/utils/FileUtilsTest.java
index 581ee8e822..2396d52c20 100644
---
a/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/utils/FileUtilsTest.java
+++
b/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/utils/FileUtilsTest.java
@@ -60,10 +60,10 @@ public class FileUtilsTest {
}
@Test
- public void createDirectoryWith755() throws IOException {
+ public void testCreateDirectoryWithPermission() throws IOException {
Path path = Paths.get("/tmp/createWorkDirAndUserIfAbsent");
try {
- FileUtils.createDirectoryWith755(path);
+ FileUtils.createDirectoryWithPermission(path,
FileUtils.PERMISSION_755);
File file = path.toFile();
Assertions.assertTrue(file.exists());
Assertions.assertTrue(file.isDirectory());
@@ -71,7 +71,7 @@ public class FileUtilsTest {
Assertions.assertTrue(file.canRead());
Assertions.assertTrue(file.canWrite());
- FileUtils.createDirectoryWith755(Paths.get("/"));
+ FileUtils.createDirectoryWithPermission(Paths.get("/"),
FileUtils.PERMISSION_755);
} catch (Exception e) {
e.printStackTrace();
Assertions.fail(e.getMessage());
diff --git
a/dolphinscheduler-storage-plugin/dolphinscheduler-storage-abs/src/main/java/org/apache/dolphinscheduler/plugin/storage/abs/AbsStorageOperator.java
b/dolphinscheduler-storage-plugin/dolphinscheduler-storage-abs/src/main/java/org/apache/dolphinscheduler/plugin/storage/abs/AbsStorageOperator.java
index 0b6030082e..edd2b86c59 100644
---
a/dolphinscheduler-storage-plugin/dolphinscheduler-storage-abs/src/main/java/org/apache/dolphinscheduler/plugin/storage/abs/AbsStorageOperator.java
+++
b/dolphinscheduler-storage-plugin/dolphinscheduler-storage-abs/src/main/java/org/apache/dolphinscheduler/plugin/storage/abs/AbsStorageOperator.java
@@ -99,7 +99,7 @@ public class AbsStorageOperator extends
AbstractStorageOperator implements Close
if (dstFile.isDirectory()) {
Files.delete(dstFile.toPath());
} else {
- FileUtils.createDirectoryWith755(dstFile.getParentFile().toPath());
+
FileUtils.createDirectoryWithPermission(dstFile.getParentFile().toPath(),
FileUtils.PERMISSION_755);
}
BlobClient blobClient = blobContainerClient.getBlobClient(srcFilePath);
diff --git
a/dolphinscheduler-storage-plugin/dolphinscheduler-storage-cos/src/main/java/org/apache/dolphinscheduler/plugin/storage/cos/CosStorageOperator.java
b/dolphinscheduler-storage-plugin/dolphinscheduler-storage-cos/src/main/java/org/apache/dolphinscheduler/plugin/storage/cos/CosStorageOperator.java
index e2f605ec91..c4d1468260 100644
---
a/dolphinscheduler-storage-plugin/dolphinscheduler-storage-cos/src/main/java/org/apache/dolphinscheduler/plugin/storage/cos/CosStorageOperator.java
+++
b/dolphinscheduler-storage-plugin/dolphinscheduler-storage-cos/src/main/java/org/apache/dolphinscheduler/plugin/storage/cos/CosStorageOperator.java
@@ -148,7 +148,7 @@ public class CosStorageOperator extends
AbstractStorageOperator implements Close
if (dstFile.isDirectory()) {
Files.delete(dstFile.toPath());
} else {
- FileUtils.createDirectoryWith755(dstFile.getParentFile().toPath());
+
FileUtils.createDirectoryWithPermission(dstFile.getParentFile().toPath(),
FileUtils.PERMISSION_755);
}
GetObjectRequest getObjectRequest = new GetObjectRequest(bucketName,
cosKey);
diff --git
a/dolphinscheduler-storage-plugin/dolphinscheduler-storage-gcs/src/main/java/org/apache/dolphinscheduler/plugin/storage/gcs/GcsStorageOperator.java
b/dolphinscheduler-storage-plugin/dolphinscheduler-storage-gcs/src/main/java/org/apache/dolphinscheduler/plugin/storage/gcs/GcsStorageOperator.java
index fe85a402b8..9036fb1cd1 100644
---
a/dolphinscheduler-storage-plugin/dolphinscheduler-storage-gcs/src/main/java/org/apache/dolphinscheduler/plugin/storage/gcs/GcsStorageOperator.java
+++
b/dolphinscheduler-storage-plugin/dolphinscheduler-storage-gcs/src/main/java/org/apache/dolphinscheduler/plugin/storage/gcs/GcsStorageOperator.java
@@ -112,7 +112,7 @@ public class GcsStorageOperator extends
AbstractStorageOperator implements Close
if (dstFile.isDirectory()) {
Files.delete(dstFile.toPath());
} else {
- FileUtils.createDirectoryWith755(dstFile.getParentFile().toPath());
+
FileUtils.createDirectoryWithPermission(dstFile.getParentFile().toPath(),
FileUtils.PERMISSION_755);
}
Blob blob = gcsStorage.get(BlobId.of(bucketName, srcFilePath));
diff --git
a/dolphinscheduler-storage-plugin/dolphinscheduler-storage-obs/src/main/java/org/apache/dolphinscheduler/plugin/storage/obs/ObsStorageOperator.java
b/dolphinscheduler-storage-plugin/dolphinscheduler-storage-obs/src/main/java/org/apache/dolphinscheduler/plugin/storage/obs/ObsStorageOperator.java
index 129b9a8828..fd96ff16a0 100644
---
a/dolphinscheduler-storage-plugin/dolphinscheduler-storage-obs/src/main/java/org/apache/dolphinscheduler/plugin/storage/obs/ObsStorageOperator.java
+++
b/dolphinscheduler-storage-plugin/dolphinscheduler-storage-obs/src/main/java/org/apache/dolphinscheduler/plugin/storage/obs/ObsStorageOperator.java
@@ -111,7 +111,7 @@ public class ObsStorageOperator extends
AbstractStorageOperator implements Close
if (dstFile.isDirectory()) {
Files.delete(dstFile.toPath());
} else {
- FileUtils.createDirectoryWith755(dstFile.getParentFile().toPath());
+
FileUtils.createDirectoryWithPermission(dstFile.getParentFile().toPath(),
FileUtils.PERMISSION_755);
}
ObsObject obsObject = obsClient.getObject(bucketName, srcFilePath);
try (
diff --git
a/dolphinscheduler-storage-plugin/dolphinscheduler-storage-oss/src/main/java/org/apache/dolphinscheduler/plugin/storage/oss/OssStorageOperator.java
b/dolphinscheduler-storage-plugin/dolphinscheduler-storage-oss/src/main/java/org/apache/dolphinscheduler/plugin/storage/oss/OssStorageOperator.java
index 0b78ce49b4..c243c8ac5a 100644
---
a/dolphinscheduler-storage-plugin/dolphinscheduler-storage-oss/src/main/java/org/apache/dolphinscheduler/plugin/storage/oss/OssStorageOperator.java
+++
b/dolphinscheduler-storage-plugin/dolphinscheduler-storage-oss/src/main/java/org/apache/dolphinscheduler/plugin/storage/oss/OssStorageOperator.java
@@ -169,7 +169,7 @@ public class OssStorageOperator extends
AbstractStorageOperator implements Close
if (dstFile.isDirectory()) {
Files.delete(dstFile.toPath());
} else {
- FileUtils.createDirectoryWith755(dstFile.getParentFile().toPath());
+
FileUtils.createDirectoryWithPermission(dstFile.getParentFile().toPath(),
FileUtils.PERMISSION_755);
}
OSSObject ossObject = ossClient.getObject(bucketName, srcFilePath);
try (
diff --git
a/dolphinscheduler-storage-plugin/dolphinscheduler-storage-s3/src/main/java/org/apache/dolphinscheduler/plugin/storage/s3/S3StorageOperator.java
b/dolphinscheduler-storage-plugin/dolphinscheduler-storage-s3/src/main/java/org/apache/dolphinscheduler/plugin/storage/s3/S3StorageOperator.java
index d1836d7c94..2f4954fe1c 100644
---
a/dolphinscheduler-storage-plugin/dolphinscheduler-storage-s3/src/main/java/org/apache/dolphinscheduler/plugin/storage/s3/S3StorageOperator.java
+++
b/dolphinscheduler-storage-plugin/dolphinscheduler-storage-s3/src/main/java/org/apache/dolphinscheduler/plugin/storage/s3/S3StorageOperator.java
@@ -113,7 +113,7 @@ public class S3StorageOperator extends
AbstractStorageOperator implements Closea
if (dstFile.isDirectory()) {
Files.delete(dstFile.toPath());
} else {
- FileUtils.createDirectoryWith755(dstFile.getParentFile().toPath());
+
FileUtils.createDirectoryWithPermission(dstFile.getParentFile().toPath(),
FileUtils.PERMISSION_755);
}
S3Object o = s3Client.getObject(bucketName, srcFilePath);
try (
diff --git
a/dolphinscheduler-worker/src/main/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionContextUtils.java
b/dolphinscheduler-worker/src/main/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionContextUtils.java
index cbe2a6f8aa..79536bb78b 100644
---
a/dolphinscheduler-worker/src/main/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionContextUtils.java
+++
b/dolphinscheduler-worker/src/main/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionContextUtils.java
@@ -50,7 +50,8 @@ public class TaskExecutionContextUtils {
log.warn("The TaskInstance WorkingDirectory: {} is exist, will
recreate again",
taskInstanceWorkingDirectory);
}
-
FileUtils.createDirectoryWith755(Paths.get(taskInstanceWorkingDirectory));
+
+
FileUtils.createDirectoryWithPermission(Paths.get(taskInstanceWorkingDirectory),
FileUtils.PERMISSION_775);
taskExecutionContext.setExecutePath(taskInstanceWorkingDirectory);
taskExecutionContext.setAppInfoPath(FileUtils.getAppInfoPath(taskInstanceWorkingDirectory));
diff --git
a/dolphinscheduler-worker/src/test/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionContextUtilsTest.java
b/dolphinscheduler-worker/src/test/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionContextUtilsTest.java
index 328006f83b..05d419696b 100644
---
a/dolphinscheduler-worker/src/test/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionContextUtilsTest.java
+++
b/dolphinscheduler-worker/src/test/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionContextUtilsTest.java
@@ -44,7 +44,7 @@ class TaskExecutionContextUtilsTest {
try {
// Test if the working directory is exist
// will delete it and recreate
- FileUtils.createDirectoryWith755(Paths.get(taskWorkingDirectory));
+
FileUtils.createDirectoryWithPermission(Paths.get(taskWorkingDirectory),
FileUtils.PERMISSION_775);
Files.createFile(Paths.get(taskWorkingDirectory, "text.txt"));
Assertions.assertTrue(Files.exists(Paths.get(taskWorkingDirectory,
"text.txt")));
