hadoop-common-issues mailing list archives

From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-14935) Azure: POSIX permissions are taking effect in access() method even when authorization is enabled
Date Fri, 13 Oct 2017 17:02:00 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-14935?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14935:
------------------------------------
    Attachment: HADOOP-14935-005.patch

I'm going to attach patch 005. This is patch 004 with all support for auth on getFileStatus
removed. That is, the code in patch 4 and HADOOP-14845 cut out: there's no auth checking going
on in that call.

I've not reverted all of HADOOP-14845; it retains the {{getFileStatusInternal()}} and {{existsInternal()}}
calls. Why so? 

# In S3A it turned out to be useful to have the split, especially related to error translation & retry
# makes it easier to reinstate file status auth; changes to production code will be limited to getFileStatus only.

Testing Azure Ireland.

> Azure: POSIX permissions are taking effect in access() method even when authorization is enabled
> ------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-14935
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14935
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/azure
>    Affects Versions: 2.9.0
>            Reporter: Santhosh G Nayak
>            Assignee: Santhosh G Nayak
>         Attachments: HADOOP-14935-003.patch, HADOOP-14935-004.patch, HADOOP-14935-005.patch, HADOOP-14935.1.patch, HADOOP-14935.2.patch
>
>
> FileSystem implementation class for Azure i.e. {{NativeAzureFileSystem}} does not override
> {{access(path,mode)}} method and uses the default implementation from the base class. This
> base implementation uses the POSIX permissions to check if the requested user has access to
> given path or not even when authorization is enabled, which is incorrect.
> {{NativeAzureFileSystem.access()}} in authorization enabled mode should use the authorization
> mechanism provided instead of relying on the POSIX permissions. So the proposal is to override
> {{FileSystem.access()}} method in {{NativeAzureFileSystem}} such that it honors the authorization
> mechanism configured in authorization enabled mode and falls back to POSIX permissions otherwise.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
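
The behaviour the issue describes, as an added sketch that is not part of the original message or of Hadoop's code: a base class whose access() consults only POSIX-style permissions, and a subclass that overrides it to honor the configured authorizer when authorization is enabled and falls back to POSIX otherwise. Every class, interface and method name here is hypothetical, and the permission data and policy are constructed for the example.

```java
import java.util.Map;
import java.util.Set;

// Simplified model of the access() behaviour described in HADOOP-14935.
// All names are hypothetical stand-ins; this is not Hadoop code.
public class AccessCheckDemo {
    enum Action { READ, WRITE }

    // Stand-in for the configured authorization mechanism.
    interface Authorizer { boolean authorize(String path, Action action, String user); }

    // Base class: access() knows only POSIX-style permissions.
    static class BaseFs {
        final Map<String, Set<Action>> posix; // constructed: path -> actions the mode bits allow
        BaseFs(Map<String, Set<Action>> posix) { this.posix = posix; }
        void access(String path, Action action, String user) {
            if (!posix.getOrDefault(path, Set.of()).contains(action)) {
                throw new SecurityException("POSIX denies " + action + " on " + path);
            }
        }
    }

    // Overrides access() as the issue proposes.
    static class AuthorizingFs extends BaseFs {
        final Authorizer authorizer;
        final boolean authorizationEnabled;
        AuthorizingFs(Map<String, Set<Action>> posix, Authorizer authorizer, boolean enabled) {
            super(posix); this.authorizer = authorizer; this.authorizationEnabled = enabled;
        }
        @Override
        void access(String path, Action action, String user) {
            // Authorization disabled: keep the inherited POSIX check.
            if (!authorizationEnabled) { super.access(path, action, user); return; }
            // Authorization enabled: the authorizer alone decides; POSIX bits are not consulted.
            if (!authorizer.authorize(path, action, user)) {
                throw new SecurityException("authorizer denies " + action + " on " + path);
            }
        }
    }

    static boolean allowed(BaseFs fs, String path, Action action, String user) {
        try { fs.access(path, action, user); return true; } catch (SecurityException e) { return false; }
    }

    public static void main(String[] args) {
        Map<String, Set<Action>> posix = Map.of("/data", Set.of(Action.READ, Action.WRITE)); // constructed
        Authorizer readOnly = (path, action, user) -> action == Action.READ;                // constructed policy
        System.out.println("inherited check:        " + allowed(new BaseFs(posix), "/data", Action.WRITE, "alice"));
        System.out.println("override, auth enabled: " + allowed(new AuthorizingFs(posix, readOnly, true), "/data", Action.WRITE, "alice"));
        System.out.println("override, auth off:     " + allowed(new AuthorizingFs(posix, readOnly, false), "/data", Action.WRITE, "alice"));
    }
}
```

The first and second lines of output differ for the same request, which is the mismatch the issue reports: the inherited check answers from the mode bits while the authorizer would refuse the write.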
