hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Santhosh G Nayak (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HADOOP-14935) Azure: POSIX permissions are taking effect in access() method even when authorization is enabled
Date Thu, 12 Oct 2017 12:49:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16201894#comment-16201894
] 

Santhosh G Nayak edited comment on HADOOP-14935 at 10/12/17 12:48 PM:
----------------------------------------------------------------------

Thanks [~steve_l] for reviewing the patch and tuning few tests.

Addressed comments from TODO section in v4 patch,
-  Introduced a new test class {{TestNativeAzureFileSystemAuthorizationGetFileStatus}} which
sets {{fs.azure.enable.authorization.getfilestatus}} to {{true}} and runs the same authorization
test, that way all the code paths are covered.
- Separated the tests for different permission combinations.
- New sticky bit related rename tests may have passed because of the additional policies configured
for {{getFileStatus()}} to work.

Testing: All the tests passed with Azure South India storage endpoint.


was (Author: snayak):
Thanks [~steve_l] for reviewing the patch and tuning few tests.

Addressed comments from TODO section in v4 patch,
-  Introduced a new test class {{TestNativeAzureFileSystemAuthorizationGetFileStatus}} which
sets {{fs.azure.enable.authorization.getfilestatus}} to {{true}} and runs the same authorization
test, that way all the code paths are covered.
- Separated the tests for different permission combinations.
- New sticky bit related rename tests may have passed because of the additional policies configured
for {{getFileStatus()}} to work.

> Azure: POSIX permissions are taking effect in access() method even when authorization
is enabled
> ------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-14935
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14935
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/azure
>    Affects Versions: 2.9.0
>            Reporter: Santhosh G Nayak
>            Assignee: Santhosh G Nayak
>         Attachments: HADOOP-14935-003.patch, HADOOP-14935-004.patch, HADOOP-14935.1.patch,
HADOOP-14935.2.patch
>
>
> FileSystem implementation class for azure i.e. {{NativeAzureFileSystem}} does not override
{{access(path,mode)}} method and uses the default implementation from the base class. This
base implementaion uses the POSIX permissions to check if the requested user has access to
given path or not even when authorization is enabled, which is incorrect.
> {{NativeAzureFileSystem.access()}} in authorization enabled mode should use the authorization
mechanism provided instead of relying on the POSIX permission ons. So the proposal is to override
{{FileSystem.access()}} method in {{NativeAzureFileSystem}} such that it honors the authorization
mechanism configured in authorization enabled mode and falls back to POSIX permissions otherwise.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message