Hey folks,

I had the occasion yesterday of trying to run an admin tool from my laptop
(as user 'todd') against an insecure cluster (running as user 'kudu'). The
cluster was rejecting me because I wasn't in the admin/service ACLs, which
was somewhat annoying.

I worked around the problem by locally hacking my copy of user.cc to ignore
my actual username and just return "kudu" :)

I think it's good that we have authorization enabled even in insecure
clusters, since it reduces test variables and prevents "accidental" usage
of higher privileges. So, I don't think we should disable the above
behavior.

That said, it's inconvenient to have to recompile Kudu to spoof a user
against an insecure cluster. Given that it's already easy to spoof for a
malicious user, does anyone have an objection to making it easier for
non-malicious users to spoof by respecting some environment variable like
KUDU_USER or KUDU_INSECURE_USER or KUDU_SPOOF_USER or somesuch?

-Todd
-- 
Todd Lipcon
Software Engineer, Cloudera

Reply via email to