hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "BELUGA BEHR (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-12640) Code Review AccessControlList
Date Tue, 15 Dec 2015 18:28:46 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-12640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

BELUGA BEHR updated HADOOP-12640:
    Attachment:     (was: AccessControlList.patch)

> Code Review AccessControlList
> -----------------------------
>                 Key: HADOOP-12640
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12640
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.7.1
>            Reporter: BELUGA BEHR
>            Priority: Minor
> After some confusion of my own, in particular with "mapreduce.job.acl-view-job," I have
looked over the AccessControlList implementation and cleaned it up and clarified a few points.
> 1) I added tests to show that when including an asterisk in either the username or the
group field, it overrides everything and allows all access.
> "user1,user2,user3 *" = all access
> "* group1,group2" = all access
> "* *" = all access
> "* " = all access
> " *" = all access
> 2) General clean-up and simplification
> The code currently handled spaces in an asymmetric way. The code splits the ACL string
on a single space, but limits the resulting array to a size of two. So, as long as there are
no spaces in the user names section, it works fine, but any spaces subsequent to that did
not matter.
> "user1,user2,user3 group1, group2,group3" - works as expected
> ["user1,user2,user3", "group1, group2,group3"]
> "user1, user2,user3 group1,group2,group3" - Did not work as expected
> ["user1,","user2,user3, group1, group2,group3"]
> The submitted patch will split on all spaces and log a warning if there are more than
two elements.  This enforces no spaces with the two comma-separated lists.
> Update:
> Perhaps this can be expanded to use a semi-colon as the delimiter between users and groups,
so any interwoven spaces can simply be ignored.

This message was sent by Atlassian JIRA

View raw message