hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HDFS-7477) Replace ACLException with AccessControlException
Date Fri, 05 Dec 2014 17:55:14 GMT

     [ https://issues.apache.org/jira/browse/HDFS-7477?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Chris Nauroth resolved HDFS-7477.
    Resolution: Not a Problem

{{AclException}} is used to indicate an attempt to set an invalid ACL.  You'll see it thrown
from places like {{AclTransformation}} and {{AclStorage}} that are involved in calculating
a new ACL and setting it on an inode.  This exception is never used to indicate access denied.

{{FSPermissionChecker}} always throws {{AccessControlException}} to indicate access denied.
 In the presence of an ACL, the exception comes from {{FSPermissionChecker#checkAccessAcl}}.
 This correctly triggers an audit log entry.

Also, if we consider the ACL mutation operations like {{setAcl}}, they check {{FSPermissionChecker}}
first before going into {{AclTransformation}} and {{AclStorage}}.  That means the {{AccessControlException}}
would get thrown before any potential {{AclException}} is thrown, so again, we have correct
audit logging behavior for those operations.

I don't believe there is anything to be done here, so I'm resolving this as Not a Problem.
 Please feel free to reopen if you think if I've misunderstood something, and we do in fact
have a bug.  Thanks!

> Replace ACLException with AccessControlException
> ------------------------------------------------
>                 Key: HDFS-7477
>                 URL: https://issues.apache.org/jira/browse/HDFS-7477
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Haohui Mai
>            Assignee: Li Lu
> Currently many functions logs audit log during failures only when {{AccessControlException}}
is thrown, thus no audit logs are logged if {{AclException}} is thrown when the ACLs deny
the access.

This message was sent by Atlassian JIRA

View raw message