The permissions.json file
The permissions.json file is a secondary, optional part of the parcel metadata. It contains file ownership and mode information that should be applied to specific files after the parcel is unpacked (e.g., for setting the suid bit on a binary).
tar files have a limited ability to preserve file ownership and mode information, but this is insufficient to handle all situations.
- user/group probably don't exist at unpack time: given that parcel-specific users are created by reading the parcel.json file, they won't exist at the time we unpack the parcel, meaning that ownership cannot be preserved.
- suid/sgid bits are not preserved: if you do need to mark a file suid/sgid, it cannot be done through tar.
Consequently, all files are unpacked as the current CM Agent user (usually root), and specific files can get their permissions updated using permissions.json:
```json
{
  "lib/hadoop-0.20-mapreduce/sbin/Linux/task-controller": {
    "user": "root",
    "group": "mapred",
    "permissions": "4754"
  },
  "lib/hadoop-yarn/bin/container-executor": {
    "user": "root",
    "group": "yarn",
    "permissions": "6050"
  },
  "lib/hue/desktop": {
    "user": "hue",
    "group": "hue",
    "permissions": "0755"
  }
}
```
- Map Key: The path within the parcel of the file or directory to set ownership and permissions for. Note that this is not recursive. Adding an entry for a directory will only change permissions for the directory itself.
- user: The user who should own the file.
- group: The group that should own the file.
- permissions: The permissions that should be assigned to the file, expressed in standard octal notation. If none of the special modes need to be set, the leading digit should be left as '0'.
Under normal circumstances, only specific files in a parcel should require specific ownership or permissions. The rest of the files should get default ownership from the CM Agent and use standard permissions that can be propagated through the parcel untar. This is the main reason why no recursive permission option is provided.
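Because permissions.json is where a parcel requests setuid/setgid bits and root ownership, it is worth linting before a parcel is built or accepted. The following is an added example, not part of the original page or of Cloudera's tooling: `audit_permissions` is a hypothetical helper, the sample input is constructed, and the checks are reviewer heuristics rather than anything the CM Agent is documented to enforce.

```python
import json
import posixpath
import re
import stat

# Constructed sample: the first two entries are taken from the page's example,
# the last two are deliberately bad to show what the audit reports.
SAMPLE = """
{
  "lib/hadoop-yarn/bin/container-executor":
    {"user": "root", "group": "yarn", "permissions": "6050"},
  "lib/hue/desktop":
    {"user": "hue", "group": "hue", "permissions": "0755"},
  "../../etc/helper":
    {"user": "root", "group": "root", "permissions": "4777"},
  "bin/tool":
    {"user": "root", "group": "root", "permissions": "rwxr-xr-x"}
}
"""

def audit_permissions(text):
    """Return {path: [findings]} for entries a reviewer should look at."""
    report = {}
    for path, entry in json.loads(text).items():
        findings = []
        # Map keys are paths within the parcel, so they must not leave its root.
        norm = posixpath.normpath(path)
        if posixpath.isabs(path) or norm == ".." or norm.startswith("../"):
            findings.append("path escapes parcel root")
        perms = entry.get("permissions")
        if isinstance(perms, str) and re.fullmatch(r"[0-7]{1,4}", perms):
            mode = int(perms, 8)  # octal string, leading digit = special bits
        else:
            findings.append("permissions is not an octal string")
            mode = 0
        bits = ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"))
        special = [name for bit, name in bits if mode & bit]
        if special:
            findings.append("/".join(special) + " owned by " + str(entry.get("user")))
            # A writable setuid/setgid file lets the writer replace its content.
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append("special-mode file is group/world writable")
        if findings:
            report[path] = findings
    return report

if __name__ == "__main__":
    for path, findings in audit_permissions(SAMPLE).items():
        print(path, "->", "; ".join(findings))
```

Entries that set no special bits and stay inside the parcel, such as `lib/hue/desktop`, produce no findings; every setuid/setgid entry is listed so it can be reviewed deliberately.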