I'm having some really annoying permissions problems when hue starts up the beeswax server.
I'm using MySQL as the hive-metastore, so hive-site.xml has database passwords in it on the hive server node. To protect those passwords, I've made hive-site.xml mode 440. It is owned as hive:hive.
I'm trying to run hue on the same node that hive server is running on. Beeswax needs to be able to read hive-site.xml. I've added the hue user to the hive group. Since hive-site.xml is group-owned by hive, it should be able to read this file.
However, the comments in /etc/init.d/hue are conflicting:
DAEMONUSER=hue # Users to run the daemons as. If this value is set start-stop-daemon will chuid the server
And then in start_server():
- dont setuid, since supervisor will drop privileges on its own
Looking in /usr/share/hue/desktop/core/src/desktop/supervisor.py, there is this comment:
- User and group to setuid/setgid down to for any supervisees that don't have
- the drop_root option set to False
SETUID_USER = "hue"
SETGID_GROUP = "hue"
It seems that the original intention was to honor the init.d scripts $DAEMONUSER variable, but clearly this isn't happening. Since the init script does not pass --chuid $DAEMONUSER to start-stop-daemon, the hue processes will always run as the hue user. This is obviously wrong, but wouldn't be a problem for me if supervisor.py also kept supplemental gids when calling os.setgid(gr.gr_gid).
supervisor.py seems smart enough not to setuid if already not running as root. Shouldn't the hue init.d script just pass --chuid $DAEMONUSER to start-stop-daemon?