falcon-dev mailing list archives

From "Venkatesh Seetharam (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-851) Super user authorization is broken
Date Tue, 04 Nov 2014 19:53:36 GMT

    [ https://issues.apache.org/jira/browse/FALCON-851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14196703#comment-14196703 ]

Venkatesh Seetharam commented on FALCON-851:
--------------------------------------------

{code}
+            FileSystem fileSystem = HadoopClientFactory.get().createProxiedFileSystem(
+                getConf(), feed.getACL());
{code}
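Review bot: feed.getACL() is passed straight into createProxiedFileSystem with no null guard in these lines; if a feed can be defined without an ACL, the failure would surface inside the factory rather than at the call site. Consider checking the ACL before the call and raising a FalconException that names the feed.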
bq. Can we avoid this method and instead build config based on ConfigurationHelper
This is for any entity and not just cluster. Also, I need to repeat this for Oozie and Hive
as well.

{code}
+        String aclGroup = acl.getGroup();
...
+            if (!groups.contains(aclGroup)) {
{code}
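Review bot: aclGroup from acl.getGroup() reaches groups.contains(aclGroup) with no null or empty check in the lines shown; unless the elided lines handle it, an ACL without a group would fail the membership test in the same way as a group the user does not belong to. Suggest validating aclGroup up front and reporting a missing group separately from a failed membership check, so the authorization error says which case occurred.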
bq. Shouldn't group be a list?
It's not today. Please open an enhancement JIRA for that.

bq. Would it not be possible for an owner to give permission to access the entity when not
belonging to a group?
The issue is in validating that group. I cannot get groups alone without a user and don't
want to write a JNI for that.

{code}
+    public FileSystem createProxiedFileSystem(final URI uri,
+                                              final Configuration conf,
+                                              final AccessControlList acl) throws FalconException
{
{code}
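Review bot: The acl parameter on createProxiedFileSystem is undocumented in the lines shown, and the signature alone does not say which part of the ACL is used or under what condition. Suggest Javadoc stating that the ACL owner becomes the owner for the FileSystem when the logged-in user is the super user, or narrowing the parameter to the owner name so the call cannot be read as passing permissions.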
bq. Can perhaps be avoided if the configuration already has the requisition properties filled
in. 
How? There is no conf in Oozie and Hive. 

bq. Somehow accepting an ACL for creating a file system seems to indicate that some permission
params are passed to create the FS, while they are only being passed to set default umask.
Nope, the owner for the FS is the acl owner in case the logged in user is the super user.


> Super user authorization is broken
> ----------------------------------
>
>                 Key: FALCON-851
>                 URL: https://issues.apache.org/jira/browse/FALCON-851
>             Project: Falcon
>          Issue Type: Bug
>    Affects Versions: 0.6
>            Reporter: Venkatesh Seetharam
>            Assignee: Venkatesh Seetharam
>            Priority: Blocker
>              Labels: authorization
>             Fix For: 0.6
>
>         Attachments: FALCON-851-v1.patch, FALCON-851.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
