hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-14581) Restrict setOwner to list of user when security is enabled in wasb
Date Tue, 11 Jul 2017 11:59:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16082108#comment-16082108

Steve Loughran commented on HADOOP-14581:

Patch 003

This is just patch 002 with the conflict in {{TestNativeAzureFileSystemAuthorization}} with
HADOOP-14443 fixed, and the new imports re-orded to go with our preferred layout.

[~vahemesw] this is ready apart from checkstyle. & docs

Remember to hit the "submit patch" button to run it by Yetus. It doesn't run the azure test
(hence the need to explicitly declare it), but it does run it through our style checks, and
once HADOOP-14553 splits up unit and integration tests, the mock tests will be run by yetus.

# Here a lot of the code is going to be rejected by the line with. Apart from the special
cases where *some* wider lines helps readability, the project requires lines to be <= 80
chars wide. Why? it's so that the [git patch viewer|https://chrome.google.com/webstore/detail/git-patch-viewer/hkoggakcdopbgnaeeidcmopfekipkleg]
can do side-by-side checking better.
# Needs documentation in hadoop-tools/hadoop-azure/src/site/markdown/index.md  . No good having
new features if they are kept secret.


> Restrict setOwner to list of user when security is enabled in wasb
> ------------------------------------------------------------------
>                 Key: HADOOP-14581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14581
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs/azure
>    Affects Versions: 3.0.0-alpha3
>            Reporter: Varada Hemeswari
>            Assignee: Varada Hemeswari
>              Labels: azure, fs, secure, wasb
>         Attachments: HADOOP-14581-003.patch, HADOOP-14581.1.patch, HADOOP-14581.2.patch
> Currently in azure FS, setOwner api is exposed to all the users accessing the file system.
> When Authorization is enabled, access to some files/folders is given to particular users
based on whether the user is the owner of the file.
> So setOwner has to be restricted to limited set of users to prevent users from exploiting
owner based authorization of files and folders.
> Introducing a new config called fs.azure.chown.allowed.userlist which is a comma seperated
list of users who are allowed to perform chown operation when authorization is enabled.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message