falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Srikanth Sundarrajan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-851) Super user authorization is broken
Date Tue, 04 Nov 2014 01:52:34 GMT

    [ https://issues.apache.org/jira/browse/FALCON-851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14195556#comment-14195556
] 

Srikanth Sundarrajan commented on FALCON-851:
---------------------------------------------

{code}
+            FileSystem fileSystem = HadoopClientFactory.get().createProxiedFileSystem(
+                getConf(), feed.getACL());
{code}
Can we avoid this method and instead build config based on ConfigurationHelper

{code}
+        String aclGroup = acl.getGroup();
...
+            if (!groups.contains(aclGroup)) {
{code}
Shouldn't group be a list? Would it not be possible for a owner to give permission to access
the entity when not belonging to a group ?

{code}
+    public FileSystem createProxiedFileSystem(final URI uri,
+                                              final Configuration conf,
+                                              final AccessControlList acl) throws FalconException
{
{code}
Can perhaps be avoided if the configuration already has the requisition properties filled
in. Somehow accepting an ACL for creating a file system seems to indicate that some permission
params are passed to create the FS, while they are only being passed to set default umask.



> Super user authorization is broken
> ----------------------------------
>
>                 Key: FALCON-851
>                 URL: https://issues.apache.org/jira/browse/FALCON-851
>             Project: Falcon
>          Issue Type: Bug
>    Affects Versions: 0.6
>            Reporter: Venkatesh Seetharam
>            Assignee: Venkatesh Seetharam
>            Priority: Blocker
>              Labels: authorization
>             Fix For: 0.6
>
>         Attachments: FALCON-851-v1.patch, FALCON-851.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message