hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Yu (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-15873) ACL for snapshot restore is not enforced
Date Fri, 20 May 2016 23:37:12 GMT
Ted Yu created HBASE-15873:
------------------------------

             Summary: ACL for snapshot restore is not enforced
                 Key: HBASE-15873
                 URL: https://issues.apache.org/jira/browse/HBASE-15873
             Project: HBase
          Issue Type: Bug
    Affects Versions: 1.1.0
            Reporter: Ted Yu
            Assignee: Ted Yu
            Priority: Critical


[~romil.choksi] reported that snapshot owner couldn't restore snapshot on hbase 1.1
We saw the following in master log:
{code}
2016-05-20 00:22:17,186 DEBUG [B.defaultRpcServer.handler=23,queue=2,port=20000] ipc.RpcServer:
B.defaultRpcServer.handler=23,queue=2,port=20000: callId: 15 service:             MasterService
methodName: RestoreSnapshot size: 70 connection: x.y:56508
org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user
'hrt_1' (global, action=ADMIN)
  at org.apache.hadoop.hbase.security.access.AccessController.requireGlobalPermission(AccessController.java:536)
  at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:512)
  at org.apache.hadoop.hbase.security.access.AccessController.preRestoreSnapshot(AccessController.java:1327)
  at org.apache.hadoop.hbase.master.MasterCoprocessorHost$73.call(MasterCoprocessorHost.java:881)
  at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1146)
  at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preRestoreSnapshot(MasterCoprocessorHost.java:877)
  at org.apache.hadoop.hbase.master.snapshot.SnapshotManager.restoreSnapshot(SnapshotManager.java:726)
{code}
After adding some debug information, it turned out that the (request) SnapshotDescription
passed to the method doesn't have owner set.

This problem doesn't exist in master branch.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message