Date: Wed, 11 Feb 2015 00:49:13 +0000 (UTC)
From: "Josh Elser (JIRA)"
To: notifications@accumulo.apache.org
Subject: [jira] [Commented] (ACCUMULO-3568) du shell command uses ServerClient incorrectly

    [ https://issues.apache.org/jira/browse/ACCUMULO-3568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14315304#comment-14315304 ]

Josh Elser commented on ACCUMULO-3568:
--------------------------------------

After much cursing, finally figured it out. The problem was not the client doing something bad, but the server *using* the client's credentials instead of its own.
{code}
  @Override
  public List getDiskUsage(Set tables, TCredentials credentials) throws ThriftTableOperationException, ThriftSecurityException, TException {
    try {
      final Credentials creds = Credentials.fromThrift(credentials);
      // Connector is built from the caller-supplied credentials, not the server's own
      Connector conn = instance.getConnector(creds.getPrincipal(), creds.getToken());
{code}

That explains why I couldn't figure out what was seemingly different on the client side -- it was nothing. The server should be using its own connector and enforcing proper permissions to keep users from {{du}}'ing tables which they have no access to.

> du shell command uses ServerClient incorrectly
> ----------------------------------------------
>
>                 Key: ACCUMULO-3568
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3568
>             Project: Accumulo
>          Issue Type: Bug
>          Components: shell
>         Environment: kerberos
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Critical
>             Fix For: 1.7.0
>
>
> {{TableOperationsImpl.getDiskUsage}} uses the {{ServerClient}} class which is meant for Accumulo services to use to communicate with each other. This results in the authentication performed for this method being performed (incorrectly) as the system instead of the client.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
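
The server-side pattern the comment above calls for (do the work under the server's own identity, but authorize each requested table against the caller first), as an added example that is not Accumulo's code. Every class, method, grant and size below is hypothetical or constructed, and gating {{du}} on a read grant is an assumption.

```java
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.TreeMap;

// Added illustration: all names are hypothetical, none is Accumulo's API.
public class DiskUsageAuthzExample {
    // Constructed sample state: which tables each principal may read, and table sizes.
    static final Map<String, Set<String>> READ_GRANTS = Map.of(
        "alice", Set.of("orders"),
        "bob", Set.of("orders", "payroll"));
    static final Map<String, Long> TABLE_BYTES = Map.of("orders", 4096L, "payroll", 1048576L);

    // Stands in for storage access made with the server's own (privileged) identity.
    static long sizeAsServer(String table) {
        Long bytes = TABLE_BYTES.get(table);
        if (bytes == null) throw new NoSuchElementException("no such table: " + table);
        return bytes;
    }

    static boolean canRead(String principal, String table) {
        return READ_GRANTS.getOrDefault(principal, Set.of()).contains(table);
    }

    // The authenticated caller is used only for the authorization decision;
    // it is never turned into the identity that performs the work.
    static Map<String, Long> getDiskUsage(String authenticatedPrincipal, Set<String> tables) {
        // Authorize every table before touching storage, so a denied request
        // reveals neither sizes nor whether an unreadable table exists.
        for (String table : tables) {
            if (!canRead(authenticatedPrincipal, table)) {
                throw new SecurityException(authenticatedPrincipal + " may not read " + table);
            }
        }
        Map<String, Long> usage = new TreeMap<>();
        for (String table : tables) usage.put(table, sizeAsServer(table));
        return usage;
    }

    public static void main(String[] args) {
        System.out.println(getDiskUsage("bob", Set.of("orders", "payroll")));
        try {
            getDiskUsage("alice", Set.of("orders", "payroll"));
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```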