hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiaoyu Yao (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-11655) Ozone: CLI: Guarantees user runs SCM commands has appropriate permission
Date Tue, 23 May 2017 21:59:04 GMT

    [ https://issues.apache.org/jira/browse/HDFS-11655?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16021947#comment-16021947

Xiaoyu Yao commented on HDFS-11655:

Thanks [~cheersyang] for reporting the issue and posting the fix. The permission check in
the patch is done at the RPC layer. Note these RPC methods maybe invoked from other components
such as KSM, CBlock server, etc. We may not run all these components using the same super
user. If we really want to enforce this at RPC layer, we should have a whitelist instead of
a single super user . If we enforce this only at the SCM Admin CLI, it should be fine to have
a single super user though.

> Ozone: CLI: Guarantees user runs SCM commands has appropriate permission
> ------------------------------------------------------------------------
>                 Key: HDFS-11655
>                 URL: https://issues.apache.org/jira/browse/HDFS-11655
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>    Affects Versions: HDFS-7240
>            Reporter: Weiwei Yang
>            Assignee: Weiwei Yang
>              Labels: command-line, security
>         Attachments: HDFS-11655-HDFS-7240.001.patch, HDFS-11655-HDFS-7240.002.patch
> We need to add a permission check module for ozone command line utilities, to make sure
users run commands with proper privileges. For now, commands in [design doc| https://issues.apache.org/jira/secure/attachment/12861478/storage-container-manager-cli-v002.pdf]
all require admin privilege.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org

View raw message