falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pragya Mittal (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-1056) Able to submit feed even though owner/group of storage specified (location type=data) is different from the ACL owner/group
Date Fri, 27 Feb 2015 10:36:04 GMT

    [ https://issues.apache.org/jira/browse/FALCON-1056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14339987#comment-14339987
] 

Pragya Mittal commented on FALCON-1056:
---------------------------------------

Feed definition :
{code}
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<feed name="FeedAclTest1" description="clicks log" xmlns="uri:falcon:feed:0.1">
    <partitions>
        <partition name="country"/>
        <partition name="colo"/>
    </partitions>
    <frequency>minutes(20)</frequency>
    <timezone>UTC</timezone>
    <late-arrival cut-off="hours(6)"/>
    <clusters>
        <cluster name="FeedAclTestTry--corp-96c746e5" type="source">
            <validity start="2015-02-01T00:00Z" end="2099-05-01T00:00Z"/>
            <retention limit="months(9000)" action="delete"/>
        </cluster>
    </clusters>
    <locations>
        <location type="data" path="/tmp/FeedAclTest/input/${YEAR}/${MONTH}/${DAY}/${HOUR}/${MINUTE}"/>
        <location type="stats" path="/projects/falcon/clicksStats"/>
        <location type="meta" path="/projects/falcon/clicksMetaData"/>
    </locations>
    <ACL owner="pragyamittal" group="dataqa" permission="*"/>
    <schema location="/schema/clicks" provider="protobuf"/>
    <properties>
        <property name="field1" value="value1"/>
        <property name="field2" value="value2"/>
    </properties>
</feed>
{code}

I created the hadoop data path for feed with user: randomuser , group :randomuser.
randomeuser doesnot belong to ACL owner pragyamittal nor does randomuser group belongs to
ACL group dataqa.

{code}
dataqa@ip-192-168-138-200:~$ hadoop fs -lsr /tmp/FeedAclTest
lsr: DEPRECATED: Please use 'ls -R' instead.
drwxr-xr-x   - randomuser randomuser          0 2015-02-27 09:46 /tmp/FeedAclTest/input
drwxr-xr-x   - randomuser randomuser          0 2015-02-27 09:46 /tmp/FeedAclTest/input/2015
drwxr-xr-x   - randomuser randomuser          0 2015-02-27 09:46 /tmp/FeedAclTest/input/2015/02
drwxr-xr-x   - randomuser randomuser          0 2015-02-27 09:46 /tmp/FeedAclTest/input/2015/02/01

{code}

When i tried submitting feed by user pragyamittal , i was able to submit it.
(Authorisation is enabled : *.falcon.security.authorization.enabled=true)
{code}
dataqa@ip-192-168-138-200:/usr/lib/falcon/falconPrism/bin$ sudo -u pragyamittal ./falcon entity
-type feed -submit -file ~/feed.xml 
falcon/ua1/Submit successful (feed) FeedAclTest1

prism/Submit successful (feed) FeedAclTest1

{code}

According to changes made in FALCON-497, if feed data path exists and its owner/group does
not belong to ACL/current user/group then feed submit should fail.

> Able to submit feed even though owner/group of storage specified (location type=data)
is different from the ACL owner/group
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: FALCON-1056
>                 URL: https://issues.apache.org/jira/browse/FALCON-1056
>             Project: Falcon
>          Issue Type: Bug
>          Components: feed
>    Affects Versions: 0.7
>            Reporter: Pragya Mittal
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message