accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Elser <josh.el...@gmail.com>
Subject Re: System disallows granting System.GRANT
Date Tue, 03 Mar 2015 03:57:27 GMT
Thanks for the pointer

Christopher wrote:
> Originally, the idea was to restrict this permission to prevent multiple
> users from becoming equivalent to "root", which could be difficult to
> audit. I don't think the original reasoning is still valid. See
> https://issues.apache.org/jira/browse/ACCUMULO-1318
>
>
> --
> Christopher L Tubbs II
> http://gravatar.com/ctubbsii
>
> On Mon, Mar 2, 2015 at 8:32 PM, Josh Elser<josh.elser@gmail.com>  wrote:
>
>> public boolean canGrantSystem(TCredentials c, String user,
>> SystemPermission sysPerm) throws ThriftSecurityException {
>>    authenticate(c);
>>    // can't grant GRANT
>>    if (sysPerm.equals(SystemPermission.GRANT))
>>      throw new ThriftSecurityException(c.getPrincipal(),
>> SecurityErrorCode.GRANT_INVALID);
>>    return hasSystemPermission(c, SystemPermission.GRANT, false);
>> }
>>
>> Why don't we allow System.GRANT to be given to other users?
>>
>

Mime
View raw message