Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 9796D200B9B for ; Tue, 27 Sep 2016 08:53:22 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 962E3160AD3; Tue, 27 Sep 2016 06:53:22 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id B6162160AD2 for ; Tue, 27 Sep 2016 08:53:21 +0200 (CEST) Received: (qmail 58251 invoked by uid 500); 27 Sep 2016 06:53:20 -0000 Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list issues@hbase.apache.org Received: (qmail 58196 invoked by uid 99); 27 Sep 2016 06:53:20 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Sep 2016 06:53:20 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id AB9EE2C2A5F for ; Tue, 27 Sep 2016 06:53:20 +0000 (UTC) Date: Tue, 27 Sep 2016 06:53:20 +0000 (UTC) From: "Ashish Singhi (JIRA)" To: issues@hbase.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HBASE-16663) JMX ConnectorServer stopped when unauthorized user try to stop HM/RS/cluster MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Tue, 27 Sep 2016 06:53:22 -0000 [ https://issues.apache.org/jira/browse/HBASE-16663?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15525283#comment-15525283 ] Ashish Singhi commented on HBASE-16663: --------------------------------------- [~pankaj2461], any update here ? This is good finding and we will need to address this in the next release of branch-1.2 and 0.98. /cc [~busbey], [~apurtell] > JMX ConnectorServer stopped when unauthorized user try to stop HM/RS/cluster > ---------------------------------------------------------------------------- > > Key: HBASE-16663 > URL: https://issues.apache.org/jira/browse/HBASE-16663 > Project: HBase > Issue Type: Bug > Components: metrics, security > Reporter: Pankaj Kumar > Assignee: Pankaj Kumar > Priority: Critical > > After HBASE-16284, unauthorized user will not able allowed to stop HM/RS/cluster, but while executing "cpHost.preStopMaster()", ConnectorServer stopped will be stopped before AccessController validation. > hbase-site.xml, > {noformat} > > hbase.coprocessor.master.classes > org.apache.hadoop.hbase.JMXListener,org.apache.hadoop.hbase.security.access.AccessController > > > hbase.coprocessor.regionserver.classes > org.apache.hadoop.hbase.JMXListener,org.apache.hadoop.hbase.security.access.AccessController > > {noformat} > HBaseAdmin.stopMaster(), > {noformat} > 2016-09-20 21:12:26,796 INFO [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] hbase.JMXListener: ConnectorServer stopped! > 2016-09-20 21:13:55,380 WARN [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] security.ShellBasedUnixGroupsMapping: got exception trying to get groups for user P72981 > ExitCodeException exitCode=1: id: P72981: No such user > 2016-09-20 21:14:00,495 ERROR [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] master.MasterRpcServices: Exception occurred while stopping master > org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'P72981' (global, action=ADMIN) > at org.apache.hadoop.hbase.security.access.AccessController.requireGlobalPermission(AccessController.java:546) > at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:522) > at org.apache.hadoop.hbase.security.access.AccessController.preStopMaster(AccessController.java:1297) > at org.apache.hadoop.hbase.master.MasterCoprocessorHost$68.call(MasterCoprocessorHost.java:821) > at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1188) > at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preStopMaster(MasterCoprocessorHost.java:817) > at org.apache.hadoop.hbase.master.HMaster.stopMaster(HMaster.java:2352) > at org.apache.hadoop.hbase.master.MasterRpcServices.stopMaster(MasterRpcServices.java:1364) > {noformat} > HBaseAdmin.stopRegionServer(rs-host-port), > {noformat} > 2016-09-20 20:59:01,234 INFO [RpcServer.FifoWFPBQ.priority.handler=18,queue=0,port=16020] hbase.JMXListener: ConnectorServer stopped! > 2016-09-20 20:59:01,250 WARN [RpcServer.FifoWFPBQ.priority.handler=18,queue=0,port=16020] security.ShellBasedUnixGroupsMapping: got exception trying to get groups for user P72981 > ExitCodeException exitCode=1: id: P72981: No such user > 2016-09-20 20:59:01,253 WARN [RpcServer.FifoWFPBQ.priority.handler=18,queue=0,port=16020] regionserver.HRegionServer: The region server did not stop > org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'P72981' (global, action=ADMIN) > at org.apache.hadoop.hbase.security.access.AccessController.requireGlobalPermission(AccessController.java:546) > at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:522) > at org.apache.hadoop.hbase.security.access.AccessController.preStopRegionServer(AccessController.java:2501) > at org.apache.hadoop.hbase.regionserver.RegionServerCoprocessorHost$1.call(RegionServerCoprocessorHost.java:84) > at org.apache.hadoop.hbase.regionserver.RegionServerCoprocessorHost.execOperation(RegionServerCoprocessorHost.java:256) > at org.apache.hadoop.hbase.regionserver.RegionServerCoprocessorHost.preStop(RegionServerCoprocessorHost.java:80) > at org.apache.hadoop.hbase.regionserver.HRegionServer.stop(HRegionServer.java:1905) > at org.apache.hadoop.hbase.regionserver.RSRpcServices.stopServer(RSRpcServices.java:1961) > {noformat} > HBaseAdmin.shutdown(), > {noformat} > 2016-09-21 12:09:08,259 INFO [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] master.MasterRpcServices: Client=P72981//10.18.248.96 shutdown > 2016-09-21 12:09:08,261 INFO [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] hbase.JMXListener: ConnectorServer stopped! > 2016-09-21 12:09:08,276 WARN [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] security.ShellBasedUnixGroupsMapping: got exception trying to get groups for user P72981 > ExitCodeException exitCode=1: id: P72981: No such user > 2016-09-21 12:09:08,280 ERROR [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] master.MasterRpcServices: Exception occurred in HMaster.shutdown() > org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'P72981' (global, action=ADMIN) > at org.apache.hadoop.hbase.security.access.AccessController.requireGlobalPermission(AccessController.java:546) > at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:522) > at org.apache.hadoop.hbase.security.access.AccessController.preShutdown(AccessController.java:1291) > at org.apache.hadoop.hbase.master.MasterCoprocessorHost$67.call(MasterCoprocessorHost.java:806) > at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1188) > at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preShutdown(MasterCoprocessorHost.java:802) > at org.apache.hadoop.hbase.master.HMaster.shutdown(HMaster.java:2335) > at org.apache.hadoop.hbase.master.MasterRpcServices.shutdown(MasterRpcServices.java:1322) > at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:58551) > at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2270) > at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:123) > at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:188) > at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:168) > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)