Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 42A88200BB7 for ; Wed, 5 Oct 2016 01:23:23 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 41491160AE8; Tue, 4 Oct 2016 23:23:23 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 5C8A4160ADC for ; Wed, 5 Oct 2016 01:23:22 +0200 (CEST) Received: (qmail 44341 invoked by uid 500); 4 Oct 2016 23:23:21 -0000 Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list issues@hbase.apache.org Received: (qmail 44186 invoked by uid 99); 4 Oct 2016 23:23:21 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Oct 2016 23:23:21 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 295332C2A68 for ; Tue, 4 Oct 2016 23:23:21 +0000 (UTC) Date: Tue, 4 Oct 2016 23:23:21 +0000 (UTC) From: "Andrew Purtell (JIRA)" To: issues@hbase.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (HBASE-16663) JMX ConnectorServer stopped when unauthorized user try to stop HM/RS/cluster MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Tue, 04 Oct 2016 23:23:23 -0000 [ https://issues.apache.org/jira/browse/HBASE-16663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrew Purtell updated HBASE-16663: ----------------------------------- Fix Version/s: (was: 0.98.24) 0.98.23 > JMX ConnectorServer stopped when unauthorized user try to stop HM/RS/cluster > ---------------------------------------------------------------------------- > > Key: HBASE-16663 > URL: https://issues.apache.org/jira/browse/HBASE-16663 > Project: HBase > Issue Type: Bug > Components: metrics, security > Reporter: Pankaj Kumar > Assignee: Pankaj Kumar > Priority: Critical > Fix For: 2.0.0, 1.3.0, 1.4.0, 0.98.23, 1.2.5 > > Attachments: HBASE-16663-V2.patch, HBASE-16663-V3.patch, HBASE-16663.patch > > > After HBASE-16284, unauthorized user will not able allowed to stop HM/RS/cluster, but while executing "cpHost.preStopMaster()", ConnectorServer will be stopped before AccessController validation. > hbase-site.xml, > {noformat} > > hbase.coprocessor.master.classes > org.apache.hadoop.hbase.JMXListener,org.apache.hadoop.hbase.security.access.AccessController > > > hbase.coprocessor.regionserver.classes > org.apache.hadoop.hbase.JMXListener,org.apache.hadoop.hbase.security.access.AccessController > > {noformat} > HBaseAdmin.stopMaster(), > {noformat} > 2016-09-20 21:12:26,796 INFO [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] hbase.JMXListener: ConnectorServer stopped! > 2016-09-20 21:13:55,380 WARN [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] security.ShellBasedUnixGroupsMapping: got exception trying to get groups for user P72981 > ExitCodeException exitCode=1: id: P72981: No such user > 2016-09-20 21:14:00,495 ERROR [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] master.MasterRpcServices: Exception occurred while stopping master > org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'P72981' (global, action=ADMIN) > at org.apache.hadoop.hbase.security.access.AccessController.requireGlobalPermission(AccessController.java:546) > at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:522) > at org.apache.hadoop.hbase.security.access.AccessController.preStopMaster(AccessController.java:1297) > at org.apache.hadoop.hbase.master.MasterCoprocessorHost$68.call(MasterCoprocessorHost.java:821) > at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1188) > at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preStopMaster(MasterCoprocessorHost.java:817) > at org.apache.hadoop.hbase.master.HMaster.stopMaster(HMaster.java:2352) > at org.apache.hadoop.hbase.master.MasterRpcServices.stopMaster(MasterRpcServices.java:1364) > {noformat} > HBaseAdmin.stopRegionServer(rs-host-port), > {noformat} > 2016-09-20 20:59:01,234 INFO [RpcServer.FifoWFPBQ.priority.handler=18,queue=0,port=16020] hbase.JMXListener: ConnectorServer stopped! > 2016-09-20 20:59:01,250 WARN [RpcServer.FifoWFPBQ.priority.handler=18,queue=0,port=16020] security.ShellBasedUnixGroupsMapping: got exception trying to get groups for user P72981 > ExitCodeException exitCode=1: id: P72981: No such user > 2016-09-20 20:59:01,253 WARN [RpcServer.FifoWFPBQ.priority.handler=18,queue=0,port=16020] regionserver.HRegionServer: The region server did not stop > org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'P72981' (global, action=ADMIN) > at org.apache.hadoop.hbase.security.access.AccessController.requireGlobalPermission(AccessController.java:546) > at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:522) > at org.apache.hadoop.hbase.security.access.AccessController.preStopRegionServer(AccessController.java:2501) > at org.apache.hadoop.hbase.regionserver.RegionServerCoprocessorHost$1.call(RegionServerCoprocessorHost.java:84) > at org.apache.hadoop.hbase.regionserver.RegionServerCoprocessorHost.execOperation(RegionServerCoprocessorHost.java:256) > at org.apache.hadoop.hbase.regionserver.RegionServerCoprocessorHost.preStop(RegionServerCoprocessorHost.java:80) > at org.apache.hadoop.hbase.regionserver.HRegionServer.stop(HRegionServer.java:1905) > at org.apache.hadoop.hbase.regionserver.RSRpcServices.stopServer(RSRpcServices.java:1961) > {noformat} > HBaseAdmin.shutdown(), > {noformat} > 2016-09-21 12:09:08,259 INFO [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] master.MasterRpcServices: Client=P72981//10.18.248.96 shutdown > 2016-09-21 12:09:08,261 INFO [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] hbase.JMXListener: ConnectorServer stopped! > 2016-09-21 12:09:08,276 WARN [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] security.ShellBasedUnixGroupsMapping: got exception trying to get groups for user P72981 > ExitCodeException exitCode=1: id: P72981: No such user > 2016-09-21 12:09:08,280 ERROR [RpcServer.FifoWFPBQ.priority.handler=19,queue=1,port=16000] master.MasterRpcServices: Exception occurred in HMaster.shutdown() > org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'P72981' (global, action=ADMIN) > at org.apache.hadoop.hbase.security.access.AccessController.requireGlobalPermission(AccessController.java:546) > at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:522) > at org.apache.hadoop.hbase.security.access.AccessController.preShutdown(AccessController.java:1291) > at org.apache.hadoop.hbase.master.MasterCoprocessorHost$67.call(MasterCoprocessorHost.java:806) > at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1188) > at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preShutdown(MasterCoprocessorHost.java:802) > at org.apache.hadoop.hbase.master.HMaster.shutdown(HMaster.java:2335) > at org.apache.hadoop.hbase.master.MasterRpcServices.shutdown(MasterRpcServices.java:1322) > at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:58551) > at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2270) > at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:123) > at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:188) > at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:168) > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)