Date: Fri, 25 Sep 2015 19:27:04 +0000 (UTC)
From: "Hadoop QA (JIRA)"
To: issues@hbase.apache.org
Subject: [jira] [Commented] (HBASE-14475) Region split requests are always audited with "hbase" user rather than request user

    [ https://issues.apache.org/jira/browse/HBASE-14475?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14908552#comment-14908552 ]

Hadoop QA commented on HBASE-14475:
-----------------------------------

{color:red}-1 overall{color}. Here are the results of testing the latest attachment
  http://issues.apache.org/jira/secure/attachment/12762408/14475-branch-1-v2.txt
  against branch-1 branch at commit 33bbe43cf156f373b2d95e66edd07e2ff9ae978b.
  ATTACHMENT ID: 12762408

    {color:green}+1 @author{color}. The patch does not contain any @author tags.
    {color:green}+1 tests included{color}. The patch appears to include 3 new or modified tests.
    {color:green}+1 hadoop versions{color}. The patch compiles with all supported hadoop versions (2.4.0 2.4.1 2.5.0 2.5.1 2.5.2 2.6.0 2.7.0 2.7.1)
    {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings.
    {color:green}+1 protoc{color}. The applied patch does not increase the total number of protoc compiler warnings.
    {color:green}+1 javadoc{color}. The javadoc tool did not generate any warning messages.
    {color:green}+1 checkstyle{color}. The applied patch does not increase the total number of checkstyle errors
    {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 2.0.3) warnings.
    {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings.
    {color:green}+1 lineLengths{color}. The patch does not introduce lines longer than 100
    {color:green}+1 site{color}. The mvn post-site goal succeeds with this patch.
    {color:red}-1 core tests{color}. The patch failed these unit tests:
                       org.apache.hadoop.hbase.util.TestProcessBasedCluster

Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/15743//testReport/
Release Findbugs (version 2.0.3) warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/15743//artifact/patchprocess/newFindbugsWarnings.html
Checkstyle Errors: https://builds.apache.org/job/PreCommit-HBASE-Build/15743//artifact/patchprocess/checkstyle-aggregate.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/15743//console

This message is automatically generated.

> Region split requests are always audited with "hbase" user rather than request user
> -----------------------------------------------------------------------------------
>
>                 Key: HBASE-14475
>                 URL: https://issues.apache.org/jira/browse/HBASE-14475
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Enis Soztutar
>            Assignee: Ted Yu
>             Fix For: 2.0.0, 1.2.0, 1.3.0, 0.98.15, 1.0.3, 1.1.3
>
>         Attachments: 14475-branch-1-v2.txt, 14475-v2.txt, 14475-v3.txt
>
>
> [~madhan.neethiraj] from Ranger reported that when a region split request is initiated from the user, we always audit (and do the permission check) against the hbase user, not the request user.
> The issue is that a split request that is coming from the user is only processed at a later time from the CompactSplitThread asynchronously to the splitRegion RPC.
> RSRpcServices.splitRegion() only does a flush from the handler thread and then calls regionServer.compactSplitThread.requestSplit() which puts a SplitRequest to the split queue. The split request is handled by the split executor from CompactSplitThread.
> Since the split is actually executed from the compact split thread, the preSplit() for the AccessController is called from the executor thread. In this thread, we no longer have the user who initially requested the split, so the user in the context (UGI) is "hbase", causing the AC.preSplit() access control check to always be performed against the hbase user, not the user who has submitted the request. The audit log also contains "hbase" user rather than the actual user.
> Luckily, the split forces a flush to the region in-line (from the handler thread), which requires a {{CREATE|ADMIN}} permission. split requires {{ADMIN}}, but due to this bug {{CREATE}} is also sufficient (although we have not verified it manually). {{CREATE}} permission can do flush and compactions, so this is not a security issue (I think).

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
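
The thread handoff described in the quoted issue, reproduced stand-alone as an added example (not HBase code and not the attached patch). `RPC_USER`, `preSplit(String)` and the user names are hypothetical stand-ins for the RPC call context and the AccessController hook; capturing the caller when the request is queued is one way to keep the identity, assumed here rather than taken from the patch.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class SplitAuditDemo {
    // Hypothetical stand-in for the RPC call context: set only on the handler thread.
    static final ThreadLocal<String> RPC_USER = new ThreadLocal<>();
    // Identity the server process itself runs as.
    static final String SERVICE_USER = "hbase";

    // Hypothetical stand-in for the preSplit() hook: checks and audits the user it is given.
    // The allow-list is constructed sample data.
    static String preSplit(String user) {
        boolean allowed = user.equals(SERVICE_USER) || user.equals("admin_alice");
        return "user=" + user + " action=split allowed=" + allowed;
    }

    // As described in the issue: the user is looked up when the task runs, on the
    // executor thread, where no call context exists, so the service user is used.
    static Callable<String> splitResolvedAtRunTime() {
        return () -> {
            String u = RPC_USER.get();
            return preSplit(u != null ? u : SERVICE_USER);
        };
    }

    // Assumed mitigation: read the caller on the handler thread while queuing the
    // request, and carry it inside the queued task.
    static Callable<String> splitWithCapturedUser() {
        final String requester = RPC_USER.get();
        return () -> preSplit(requester != null ? requester : SERVICE_USER);
    }

    public static void main(String[] args) throws Exception {
        ExecutorService splitExecutor = Executors.newSingleThreadExecutor();
        try {
            RPC_USER.set("bob"); // constructed caller without ADMIN
            // Prints user=hbase ... allowed=true: wrong subject in check and audit line.
            System.out.println(splitExecutor.submit(splitResolvedAtRunTime()).get());
            // Prints user=bob ... allowed=false: check and audit use the real caller.
            System.out.println(splitExecutor.submit(splitWithCapturedUser()).get());
        } finally {
            RPC_USER.remove();
            splitExecutor.shutdown();
        }
    }
}
```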