hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Yu (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HBASE-15873) ACL for snapshot restore / clone is not enforced
Date Mon, 23 May 2016 02:23:12 GMT

     [ https://issues.apache.org/jira/browse/HBASE-15873?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ted Yu updated HBASE-15873:
---------------------------
    Fix Version/s: 1.1.6
                   1.2.2
                   1.4.0
                   1.3.0

> ACL for snapshot restore / clone is not enforced
> ------------------------------------------------
>
>                 Key: HBASE-15873
>                 URL: https://issues.apache.org/jira/browse/HBASE-15873
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 1.1.0
>            Reporter: Ted Yu
>            Assignee: Ted Yu
>            Priority: Critical
>             Fix For: 1.3.0, 1.4.0, 1.2.2, 1.1.6
>
>         Attachments: HBASE-15873-branch-1.v1.txt
>
>
> [~romil.choksi] reported that snapshot owner couldn't restore snapshot on hbase 1.1
> We saw the following in master log:
> {code}
> 2016-05-20 00:22:17,186 DEBUG [B.defaultRpcServer.handler=23,queue=2,port=20000] ipc.RpcServer:
B.defaultRpcServer.handler=23,queue=2,port=20000: callId: 15 service:             MasterService
methodName: RestoreSnapshot size: 70 connection: x.y:56508
> org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for
user 'hrt_1' (global, action=ADMIN)
>   at org.apache.hadoop.hbase.security.access.AccessController.requireGlobalPermission(AccessController.java:536)
>   at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:512)
>   at org.apache.hadoop.hbase.security.access.AccessController.preRestoreSnapshot(AccessController.java:1327)
>   at org.apache.hadoop.hbase.master.MasterCoprocessorHost$73.call(MasterCoprocessorHost.java:881)
>   at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1146)
>   at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preRestoreSnapshot(MasterCoprocessorHost.java:877)
>   at org.apache.hadoop.hbase.master.snapshot.SnapshotManager.restoreSnapshot(SnapshotManager.java:726)
> {code}
> After adding some debug information, it turned out that the (request) SnapshotDescription
passed to the method doesn't have owner set.
> This problem doesn't exist in master branch.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message