Return-Path: <hdfs-issues-return-160127-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 1B8802009D9
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Wed, 18 May 2016 03:28:15 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 1A175160A22; Wed, 18 May 2016 01:28:15 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 3B6C11609F5
	for <archive-asf-public@cust-asf.ponee.io>; Wed, 18 May 2016 03:28:14 +0200 (CEST)
Received: (qmail 64339 invoked by uid 500); 18 May 2016 01:28:13 -0000
Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:hdfs-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:hdfs-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:hdfs-issues@hadoop.apache.org>
List-Id: <hdfs-issues.hadoop.apache.org>
Delivered-To: mailing list hdfs-issues@hadoop.apache.org
Received: (qmail 64322 invoked by uid 99); 18 May 2016 01:28:13 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 May 2016 01:28:13 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id 260662C033A
	for <hdfs-issues@hadoop.apache.org>; Wed, 18 May 2016 01:28:13 +0000 (UTC)
Date: Wed, 18 May 2016 01:28:13 +0000 (UTC)
From: "Tianyin Xu (JIRA)" <jira@apache.org>
To: hdfs-issues@hadoop.apache.org
Message-ID: <JIRA.12970599.1463534778000.218985.1463534893151@Atlassian.JIRA>
In-Reply-To: <JIRA.12970599.1463534778000@Atlassian.JIRA>
References: <JIRA.12970599.1463534778000@Atlassian.JIRA> <JIRA.12970599.1463534778378@arcas>
Subject: [jira] [Updated] (HDFS-10422) Do not throw AccessControlException
 for syntax errors of security.hdfs.unreadable.by.superuser
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Wed, 18 May 2016 01:28:15 -0000


     [ https://issues.apache.org/jira/browse/HDFS-10422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tianyin Xu updated HDFS-10422:
------------------------------
    Description: 
The xattr {{security.hdfs.unreadable.by.superuser}} has certain syntax rules: 
"this xattr is also write-once, and cannot be removed once set. This xattr does not allow a value to be set."
[https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/ExtendedAttributes.html]

Upon violation, the system should throw {{IllegalArgumentException}} to keep the consistent behaviour with the other xattrs such as {{raw.hdfs.crypto.encryption.zone}}. 

Currently, it always throws {{AccessControlException}} which is supposed to be something related to access control. The only case {{AccessControlException}} should be thrown is when the superuser tries to access the file, but *not* anything else. 

If the user set any value, it violates the syntax of the xattr (this xattr does not need values) which has nothing to do with access control:
{code:title=XAttrPermissionFilter.java|borderStyle=solid}
    if (XAttrHelper.getPrefixedName(xAttr).
        equals(SECURITY_XATTR_UNREADABLE_BY_SUPERUSER)) {
      if (xAttr.getValue() != null) {
        throw new AccessControlException("Attempt to set a value for '" +
            SECURITY_XATTR_UNREADABLE_BY_SUPERUSER +
            "'. Values are not allowed for this xattr.");
      }   
      return;
    }   
{code} 
\\

Similarly, if the user wants to remove the xattr, it should throw {{IllegalArgumentException}} just like the encryption xattr in the following code. Basically I don't understand why the encryption xattr throws an {{IllegalArgumentException}} (via the {{checkArgument}} call) but the {{security.hdfs.unreadable.by.superuser}} xattr throws an {{AccessControlException}}. It's the same thing here: both of them cannot be removed...
{code:title=XAttrPermissionFilter.java|borderStyle=solid}
        Preconditions.checkArgument(
            !KEYID_XATTR.equalsIgnoreValue(filter),
            "The encryption zone xattr should never be deleted.");
        if (UNREADABLE_BY_SUPERUSER_XATTR.equalsIgnoreValue(filter)) {
          throw new AccessControlException("The xattr '" +
              SECURITY_XATTR_UNREADABLE_BY_SUPERUSER + "' can not be deleted.");
        }   
{code} 



  was:
The xattr {{security.hdfs.unreadable.by.superuser}} has certain syntax rules: 
"this xattr is also write-once, and cannot be removed once set. This xattr does not allow a value to be set."
[https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/ExtendedAttributes.html]

Upon violation, the system should throw {{IllegalArgumentException}}, the same behaviour like the other xattrs such as {{raw.hdfs.crypto.encryption.zone}}. 

Currently, it always throws {{AccessControlException}} which is supposed to be something related to access control. The only case {{AccessControlException}} should be thrown is when the superuser tries to access the file, but *not* anything else. 

If the user set any value, it violates the syntax of the xattr (this xattr does not need values) which has nothing to do with access control:
{code:title=XAttrPermissionFilter.java|borderStyle=solid}
    if (XAttrHelper.getPrefixedName(xAttr).
        equals(SECURITY_XATTR_UNREADABLE_BY_SUPERUSER)) {
      if (xAttr.getValue() != null) {
        throw new AccessControlException("Attempt to set a value for '" +
            SECURITY_XATTR_UNREADABLE_BY_SUPERUSER +
            "'. Values are not allowed for this xattr.");
      }   
      return;
    }   
{code} 
\\

Similarly, if the user wants to remove the xattr, it should throw {{IllegalArgumentException}} just like the encryption xattr in the following code. Basically I don't understand why the encryption xattr throws an {{IllegalArgumentException}} (via the {{checkArgument}} call) but the {{security.hdfs.unreadable.by.superuser}} xattr throws an {{AccessControlException}}. It's the same thing here: both of them cannot be removed...
{code:title=XAttrPermissionFilter.java|borderStyle=solid}
        Preconditions.checkArgument(
            !KEYID_XATTR.equalsIgnoreValue(filter),
            "The encryption zone xattr should never be deleted.");
        if (UNREADABLE_BY_SUPERUSER_XATTR.equalsIgnoreValue(filter)) {
          throw new AccessControlException("The xattr '" +
              SECURITY_XATTR_UNREADABLE_BY_SUPERUSER + "' can not be deleted.");
        }   
{code} 




> Do not throw AccessControlException for syntax errors of security.hdfs.unreadable.by.superuser
> ----------------------------------------------------------------------------------------------
>
>                 Key: HDFS-10422
>                 URL: https://issues.apache.org/jira/browse/HDFS-10422
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: 2.7.2
>            Reporter: Tianyin Xu
>
> The xattr {{security.hdfs.unreadable.by.superuser}} has certain syntax rules: 
> "this xattr is also write-once, and cannot be removed once set. This xattr does not allow a value to be set."
> [https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/ExtendedAttributes.html]
> Upon violation, the system should throw {{IllegalArgumentException}} to keep the consistent behaviour with the other xattrs such as {{raw.hdfs.crypto.encryption.zone}}. 
> Currently, it always throws {{AccessControlException}} which is supposed to be something related to access control. The only case {{AccessControlException}} should be thrown is when the superuser tries to access the file, but *not* anything else. 
> If the user set any value, it violates the syntax of the xattr (this xattr does not need values) which has nothing to do with access control:
> {code:title=XAttrPermissionFilter.java|borderStyle=solid}
>     if (XAttrHelper.getPrefixedName(xAttr).
>         equals(SECURITY_XATTR_UNREADABLE_BY_SUPERUSER)) {
>       if (xAttr.getValue() != null) {
>         throw new AccessControlException("Attempt to set a value for '" +
>             SECURITY_XATTR_UNREADABLE_BY_SUPERUSER +
>             "'. Values are not allowed for this xattr.");
>       }   
>       return;
>     }   
> {code} 
> \\
> Similarly, if the user wants to remove the xattr, it should throw {{IllegalArgumentException}} just like the encryption xattr in the following code. Basically I don't understand why the encryption xattr throws an {{IllegalArgumentException}} (via the {{checkArgument}} call) but the {{security.hdfs.unreadable.by.superuser}} xattr throws an {{AccessControlException}}. It's the same thing here: both of them cannot be removed...
> {code:title=XAttrPermissionFilter.java|borderStyle=solid}
>         Preconditions.checkArgument(
>             !KEYID_XATTR.equalsIgnoreValue(filter),
>             "The encryption zone xattr should never be deleted.");
>         if (UNREADABLE_BY_SUPERUSER_XATTR.equalsIgnoreValue(filter)) {
>           throw new AccessControlException("The xattr '" +
>               SECURITY_XATTR_UNREADABLE_BY_SUPERUSER + "' can not be deleted.");
>         }   
> {code} 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org