hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Da Zhou (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-15969) ABFS: getNamespaceEnabled can fail blocking user access thru ACLs
Date Tue, 04 Dec 2018 00:45:00 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-15969?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Da Zhou updated HADOOP-15969:
-----------------------------
    Attachment: HADOOP-15969-001.patch

> ABFS: getNamespaceEnabled can fail blocking user access thru ACLs
> -----------------------------------------------------------------
>
>                 Key: HADOOP-15969
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15969
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/azure
>    Affects Versions: 3.2.0
>            Reporter: Da Zhou
>            Assignee: Da Zhou
>            Priority: Major
>         Attachments: HADOOP-15969-001.patch
>
>
> The Get Filesystem Properties operation requires Read permission to the Filesystem. 
Read permission to the Filesystem can only be granted thru RBAC, Shared Key, or SAS.  This
prevents giving low privilege users access to specific files or directories within the filesystem. 
An administrator should be able to set an ACL on a file granting read permission to a user,
without giving them read permission to the entire Filesystem.
> Fortunately there is another way to determine if HNS is enabled.  The Get Path Access
Control (getAclStatus) operation only requires traversal access, and for the root folder /
all authenticated users have traversal access.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message