accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (ACCUMULO-2705) Figure out internal authentication
Date Mon, 21 Apr 2014 18:42:22 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-2705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13975864#comment-13975864
] 

Josh Elser edited comment on ACCUMULO-2705 at 4/21/14 6:42 PM:
---------------------------------------------------------------

Relevant issue if I try to use !SYSTEM:

{noformat}
org.apache.accumulo.core.client.AccumuloSecurityException: Error USER_DOESNT_EXIST for user
!SYSTEM on table replication(?) - The user does not exist
	at org.apache.accumulo.core.client.admin.TableOperationsImpl.doFateOperation(TableOperationsImpl.java:327)
	at org.apache.accumulo.core.client.admin.TableOperationsImpl.doFateOperation(TableOperationsImpl.java:302)
	at org.apache.accumulo.core.client.admin.TableOperationsImpl.doTableFateOperation(TableOperationsImpl.java:1591)
	at org.apache.accumulo.core.client.admin.TableOperationsImpl.create(TableOperationsImpl.java:229)
	at org.apache.accumulo.core.client.admin.TableOperationsImpl.create(TableOperationsImpl.java:193)
{noformat}

{noformat}
2014-04-21 14:39:22,837 [tableOps.FinishCreateTable] ERROR:
ThriftSecurityException(user:!SYSTEM, code:USER_DOESNT_EXIST)
        at org.apache.accumulo.server.security.SecurityOperation.targetUserExists(SecurityOperation.java:363)
        at org.apache.accumulo.server.security.SecurityOperation.grantTablePermission(SecurityOperation.java:621)
        at org.apache.accumulo.server.security.AuditedSecurityOperation.grantTablePermission(AuditedSecurityOperation.java:381)
        at org.apache.accumulo.master.tableOps.SetupPermissions.call(CreateTable.java:254)
        at org.apache.accumulo.master.tableOps.MasterRepo.call(MasterRepo.java:1)
        at org.apache.accumulo.master.tableOps.TraceRepo.call(TraceRepo.java:54)
        at org.apache.accumulo.fate.Fate$TransactionRunner.run(Fate.java:67)
        at org.apache.accumulo.fate.util.LoggingRunnable.run(LoggingRunnable.java:34)
        at java.lang.Thread.run(Thread.java:724)
{noformat]


was (Author: elserj):
Relevant issue if I try to use !SYSTEM:

{noformat}
org.apache.accumulo.core.client.AccumuloSecurityException: Error USER_DOESNT_EXIST for user
!SYSTEM on table replication(?) - The user does not exist
	at org.apache.accumulo.core.client.admin.TableOperationsImpl.doFateOperation(TableOperationsImpl.java:327)
	at org.apache.accumulo.core.client.admin.TableOperationsImpl.doFateOperation(TableOperationsImpl.java:302)
	at org.apache.accumulo.core.client.admin.TableOperationsImpl.doTableFateOperation(TableOperationsImpl.java:1591)
	at org.apache.accumulo.core.client.admin.TableOperationsImpl.create(TableOperationsImpl.java:229)
	at org.apache.accumulo.core.client.admin.TableOperationsImpl.create(TableOperationsImpl.java:193)
{noformat}

> Figure out internal authentication
> ----------------------------------
>
>                 Key: ACCUMULO-2705
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2705
>             Project: Accumulo
>          Issue Type: Sub-task
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 1.7.0
>
>
> When creating a table to use for storing replication "bookkeeping", I found that the
internal !SYSTEM user doesn't have the ability to create a table. Should it?
> Without this, the user would have to create/configure a custom local user account with
proper credentials to read/write the replication table as well as persist this in accumulo-site.xml.
My first impression is that this is excessive waste because the usage is purely within the
tablet server already -- need to try to figure out if there's a reason that !SYSTEM shouldn't
be allowed to create tables.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message