accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher <ctubb...@apache.org>
Subject Re: System disallows granting System.GRANT
Date Tue, 03 Mar 2015 02:00:02 GMT
Originally, the idea was to restrict this permission to prevent multiple
users from becoming equivalent to "root", which could be difficult to
audit. I don't think the original reasoning is still valid. See
https://issues.apache.org/jira/browse/ACCUMULO-1318


--
Christopher L Tubbs II
http://gravatar.com/ctubbsii

On Mon, Mar 2, 2015 at 8:32 PM, Josh Elser <josh.elser@gmail.com> wrote:

> public boolean canGrantSystem(TCredentials c, String user,
> SystemPermission sysPerm) throws ThriftSecurityException {
>   authenticate(c);
>   // can't grant GRANT
>   if (sysPerm.equals(SystemPermission.GRANT))
>     throw new ThriftSecurityException(c.getPrincipal(),
> SecurityErrorCode.GRANT_INVALID);
>   return hasSystemPermission(c, SystemPermission.GRANT, false);
> }
>
> Why don't we allow System.GRANT to be given to other users?
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message