Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id D09E7200D1B for ; Thu, 12 Oct 2017 22:48:04 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id CF2CB160BE4; Thu, 12 Oct 2017 20:48:04 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 2123C1609E4 for ; Thu, 12 Oct 2017 22:48:03 +0200 (CEST) Received: (qmail 48594 invoked by uid 500); 12 Oct 2017 20:48:03 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 48576 invoked by uid 99); 12 Oct 2017 20:48:03 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Oct 2017 20:48:03 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 4EA90183298 for ; Thu, 12 Oct 2017 20:48:02 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -99.202 X-Spam-Level: X-Spam-Status: No, score=-99.202 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id ivS3vq33E2Dk for ; Thu, 12 Oct 2017 20:48:01 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 4A97F5F2A8 for ; Thu, 12 Oct 2017 20:48:01 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id DC817E0B21 for ; Thu, 12 Oct 2017 20:48:00 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 9C91C23F2E for ; Thu, 12 Oct 2017 20:48:00 +0000 (UTC) Date: Thu, 12 Oct 2017 20:48:00 +0000 (UTC) From: "Steve Loughran (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-14935) Azure: POSIX permissions are taking effect in access() method even when authorization is enabled MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Thu, 12 Oct 2017 20:48:05 -0000 [ https://issues.apache.org/jira/browse/HADOOP-14935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16202599#comment-16202599 ] Steve Loughran commented on HADOOP-14935: ----------------------------------------- OK. So access() is how code should check for permission; and the change whith HADOOP-14845 is something which you'll turn off for Hive, but which may be used elsewhere. By making it optional you reduce RPC calls and so increase performance? Is that the reason? That I can understand. Like I said, I'll go with Thomas's opinions here: I'm happy, though I'd add some more detail to the javadoc of the option to explain it, which is something I Can do during the commit > Azure: POSIX permissions are taking effect in access() method even when authorization is enabled > ------------------------------------------------------------------------------------------------ > > Key: HADOOP-14935 > URL: https://issues.apache.org/jira/browse/HADOOP-14935 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/azure > Affects Versions: 2.9.0 > Reporter: Santhosh G Nayak > Assignee: Santhosh G Nayak > Attachments: HADOOP-14935-003.patch, HADOOP-14935-004.patch, HADOOP-14935.1.patch, HADOOP-14935.2.patch > > > FileSystem implementation class for azure i.e. {{NativeAzureFileSystem}} does not override {{access(path,mode)}} method and uses the default implementation from the base class. This base implementaion uses the POSIX permissions to check if the requested user has access to given path or not even when authorization is enabled, which is incorrect. > {{NativeAzureFileSystem.access()}} in authorization enabled mode should use the authorization mechanism provided instead of relying on the POSIX permission ons. So the proposal is to override {{FileSystem.access()}} method in {{NativeAzureFileSystem}} such that it honors the authorization mechanism configured in authorization enabled mode and falls back to POSIX permissions otherwise. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-issues-help@hadoop.apache.org