hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-14935) Azure: POSIX permissions are taking effect in access() method even when authorization is enabled
Date Tue, 10 Oct 2017 13:10:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16198647#comment-16198647
] 

Steve Loughran commented on HADOOP-14935:
-----------------------------------------

As noted, I'm not going to consider this patch for commit until Yetus is happy and you confirm
you've tested everything yourself. Here's a provisional review.


This patch includes a new option for getFileStatus"fs.azure.enable.authorization.getfilestatus".
What is this, why is it needed, and why isn't it is own patch?

And, given that HADOOP-14845 only added this code last week, how stable is all of this? 

h4. NativeAzureFileSystems

* javadocs to Access to explictly declare that AccessControlException is raised on access
control, FNFE if the file is not present; same as the superclass. Maybe just use the {@inheritDoc}
tag to do this.

* if it's just formatting changes, let's leave the changes to getFileStatus out: keeps the
merge complexity down.

h4. tests


* {{testAccessFileDoesNotExist}} doesn't reset permissions. Does this matter?
* add test to verify that execute isn't validated (i.e. valid even if caller has no permissions)
* add test to create a file under a directory which does not exist. Check access permissions
of created parent dir
* test for file without permissions to access and doesn't exist: need to verify that FNFE
is raised.
* I'd like to see the codepath for all possible access permissions checked, including NONE.
These can all be done within existing tests; it's needed to stop regressions in future.


h4. minor style issues

* No need to prefix things with "this.". it's only done when there is a parameter to a method
with the same name as a field, something only done in constructors and setters
* space after a // and its comment




> Azure: POSIX permissions are taking effect in access() method even when authorization
is enabled
> ------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-14935
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14935
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/azure
>    Affects Versions: 2.9.0
>            Reporter: Santhosh G Nayak
>            Assignee: Santhosh G Nayak
>         Attachments: HADOOP-14935.1.patch
>
>
> FileSystem implementation class for azure i.e. {{NativeAzureFileSystem}} does not override
{{access(path,mode)}} method and uses the default implementation from the base class. This
base implementaion uses the POSIX permissions to check if the requested user has access to
given path or not even when authorization is enabled, which is incorrect.
> {{NativeAzureFileSystem.access()}} in authorization enabled mode should use the authorization
mechanism provided instead of relying on the POSIX permission ons. So the proposal is to override
{{FileSystem.access()}} method in {{NativeAzureFileSystem}} such that it honors the authorization
mechanism configured in authorization enabled mode and falls back to POSIX permissions otherwise.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message