hbase-issues mailing list archives

From "Jerry He (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-12644) Visibility Labels: issue with storing super users in labels table
Date Sun, 07 Dec 2014 06:21:12 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14237069#comment-14237069

Jerry He commented on HBASE-12644:

Hi, [~anoop.hbase]

Let me step back a little.
Currently we can actually use 'clear_auths' to remove a super user's 'system' auth.
For example,
  clear_auths 'superuser1', 'system' 
Similarly, we can use 'set_auths' to grant 'system' auth.

But the concept of super users should probably mean 'automatic' privilege without explicit
'set' or 'clear'.
Since we use a hbase-site.xml property to determine super users at startup time, 
presence or absence in the property will determine the privilege without a need of any explicit

The proposed approach is to let super users (their auths) only stay in cache, not persist
Otherwise we will have complexity to maintain consistency with the property value in case
it changes.
Looking over the AccessController class, I think it is done this way.

After doing some testing, I realize the patch does not seem to be enough. The super user auths are also
persisted in the ZK node together with the other auths.
I should change that as well.

What do you think?

> Visibility Labels: issue with storing super users in labels table
> -----------------------------------------------------------------
>                 Key: HBASE-12644
>                 URL: https://issues.apache.org/jira/browse/HBASE-12644
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.98.8, 0.99.2
>            Reporter: Jerry He
>            Assignee: Jerry He
>             Fix For: 1.0.0, 0.98.9
>         Attachments: HBASE-12644-master.patch
> Super users have all the permissions for ACL and Visibility labels.
> They are defined in hbase-site.xml.
> Currently in VisibilityController, we persist super user with their system permission in hbase:labels.
> This makes change in super user difficult.
> There are two issues:
> In the current DefaultVisibilityLabelServiceImpl.addSystemLabel, we only add super user when we initially create the 'system' label.
> No additional update after that even if super user changed. See code for details.
> Additionally, there is no mechanism to remove any super user from the labels table.
> We probably should not persist super users in the labels table.
> They are in hbase-site.xml and can just stay in labelsCache and used from labelsCache after retrieval by Visibility Controller.

This message was sent by Atlassian JIRA
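
The following is an added example, not part of the original message and not HBase code: a toy Python model contrasting the persisted behaviour described in the issue with the cache-only proposal when the configured super user list changes between restarts. All class and function names are hypothetical, and the dictionaries stand in for the hbase:labels table and labelsCache.

```python
# Added illustration: a toy model, not HBase code. All names are hypothetical.
SYSTEM = "system"

class PersistingLabelStore:
    """Models the reported behaviour: super users are written into the
    persisted labels table once, when the 'system' label is first created."""
    def __init__(self):
        self.table = {}   # stands in for hbase:labels (survives restarts)

    def start(self, superusers):
        if SYSTEM not in self.table:           # only on initial creation
            self.table[SYSTEM] = set(superusers)
        self.cache = {label: set(users) for label, users in self.table.items()}

    def has_system_auth(self, user):
        return user in self.cache.get(SYSTEM, set())

class CacheOnlyLabelStore:
    """Models the proposal: explicit grants are persisted; super users are
    re-read from configuration at every start and kept only in memory."""
    def __init__(self):
        self.table = {SYSTEM: set()}           # explicit set_auths grants only

    def start(self, superusers):
        self.superusers = frozenset(superusers)   # never written to self.table
        self.cache = {label: set(users) for label, users in self.table.items()}

    def set_auths(self, user, label):
        self.table.setdefault(label, set()).add(user)
        self.cache.setdefault(label, set()).add(user)

    def has_system_auth(self, user):
        return user in self.superusers or user in self.cache.get(SYSTEM, set())

def restart_with_changed_superusers(store):
    """Start with alice configured as super user, then restart with only bob."""
    store.start(["alice"])
    store.start(["bob"])
    return {user: store.has_system_auth(user) for user in ("alice", "bob")}

if __name__ == "__main__":
    # Persisted model: the removed super user keeps 'system', the new one lacks it.
    print(restart_with_changed_superusers(PersistingLabelStore()))
    # Cache-only model: the privilege follows the configuration.
    print(restart_with_changed_superusers(CacheOnlyLabelStore()))
```

In the persisted model the stale entry is the security-relevant part: a user dropped from the configuration keeps the 'system' auth until someone clears it explicitly.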
