[ https://issues.apache.org/jira/browse/HDFS-10378?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15292746#comment-15292746 ]
John Zhuge commented on HDFS-10378:
-----------------------------------

[~yzhangal] According to {{HdfsPermissionsGuide}}:

bq. Calling setOwner to change the user that owns a file requires HDFS super-user access. HDFS super-user access is not required to change the group, but the caller must be a member of the specified group.

The above sentence misses "the caller must be the owner of the file". Filed HDFS-10439.

{{fsd.checkOwner(pc, iip)}} is necessary when group is not null because the caller must be the owner of the file; superuser is not both necessary and sufficient in this case.

Plan to rewrite permission checking code of {{setOwner}}:

{code}
// ACE = AccessControlException
setOwner(path, username, group) {
  // Changing the owning user: super user only.
  if (username != null) {
    if (!pc.isSuperUser()) {
      throw ACE("Only super user can change owner");
    }
  }
  // Changing the group: a non-super user must belong to the group and own the file.
  if (group != null) {
    if (!pc.isSuperUser()) {
      if (!pc.containsGroup(group)) {
        throw ACE("User does not belong to " + group);
      }
      // May throw ACE("Permission denied. user=" + getUser() + " is not the owner of inode=" + inode)
      fsd.checkOwner(pc, iip);
    }
  }
}
{code}

> FSDirAttrOp#setOwner throws AccessControlException with wrong message
> ---------------------------------------------------------------------
>
>                 Key: HDFS-10378
>                 URL: https://issues.apache.org/jira/browse/HDFS-10378
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: 2.8.0
>            Reporter: John Zhuge
>            Assignee: John Zhuge
>            Priority: Minor
>              Labels: supportability
>         Attachments: HDFS-10378-unit.patch, HDFS-10378.001.patch
>
>
> Calling {{setOwner}} as a non-super user does trigger {{AccessControlException}}, however, the message "Permission denied. user=user1967821757 is not the owner of inode=child" is wrong. Expect this message: "Non-super user cannot change owner".
> Output of patched unit test {{TestPermission.testFilePermission}}:
> {noformat}
> 2016-05-06 16:45:44,915 [main] INFO security.TestPermission (TestPermission.java:testFilePermission(280)) - GOOD: got org.apache.hadoop.security.AccessControlException: Permission denied. user=user1967821757 is not the owner of inode=child1
>       at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkOwner(FSPermissionChecker.java:273)
>       at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:250)
>       at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:190)
>       at org.apache.hadoop.hdfs.server.namenode.FSDirectory.checkPermission(FSDirectory.java:1642)
>       at org.apache.hadoop.hdfs.server.namenode.FSDirectory.checkPermission(FSDirectory.java:1626)
>       at org.apache.hadoop.hdfs.server.namenode.FSDirectory.checkOwner(FSDirectory.java:1595)
>       at org.apache.hadoop.hdfs.server.namenode.FSDirAttrOp.setOwner(FSDirAttrOp.java:88)
>       at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.setOwner(FSNamesystem.java:1717)
>       at org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.setOwner(NameNodeRpcServer.java:835)
>       at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.setOwner(ClientNamenodeProtocolServerSideTranslatorPB.java:481)
>       at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
>       at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:665)
>       at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:989)
>       at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2423)
>       at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2419)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at javax.security.auth.Subject.doAs(Subject.java:415)
>       at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1755)
>       at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2417)
> {noformat}
> Will upload the unit test patch shortly.
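
The decision matrix implied by the planned check, as an added example that is not part of the original message and is not Hadoop code. `Caller`, `check` and the users `hdfs`, `alice` and `bob` are constructed stand-ins; the denial strings are copied from the pseudocode in the comment. It assumes Java 16 or later (records).

```java
import java.util.Set;

// Stand-alone model of the setOwner permission check planned in the comment.
// Caller, check() and the sample users are hypothetical, not Hadoop classes.
public class SetOwnerCheckModel {
    // Constructed stand-in for the caller identity held by the permission checker.
    record Caller(String user, boolean superUser, Set<String> groups) {}

    /** Returns "OK" or the denial message for a setOwner(newUser, newGroup) request. */
    static String check(Caller pc, String inodeOwner, String inode,
                        String newUser, String newGroup) {
        // Changing the owning user is a super-user-only operation.
        if (newUser != null && !pc.superUser()) {
            return "Only super user can change owner";
        }
        // Changing the group: group membership first, then ownership of the inode.
        if (newGroup != null && !pc.superUser()) {
            if (!pc.groups().contains(newGroup)) {
                return "User does not belong to " + newGroup;
            }
            if (!pc.user().equals(inodeOwner)) {
                return "Permission denied. user=" + pc.user()
                        + " is not the owner of inode=" + inode;
            }
        }
        return "OK";
    }

    public static void main(String[] args) {
        Caller root  = new Caller("hdfs",  true,  Set.of());
        Caller alice = new Caller("alice", false, Set.of("staff", "eng"));
        Caller bob   = new Caller("bob",   false, Set.of("eng"));
        // Constructed cases: caller, newUser, newGroup. Inode "child" is owned by alice.
        Object[][] cases = {
            {root,  "bob", "ops"},   // super user may change both
            {alice, "bob", null},    // owner, but not super user
            {bob,   "bob", null},    // the case from the issue: non-owner, non-super user
            {alice, null,  "eng"},   // owner and member of the target group
            {alice, null,  "ops"},   // owner, not a member of the target group
            {bob,   null,  "eng"},   // member of the target group, not the owner
        };
        for (Object[] c : cases) {
            Caller pc = (Caller) c[0];
            String u = (String) c[1], g = (String) c[2];
            System.out.printf("%-5s setOwner(user=%s, group=%s) -> %s%n",
                    pc.user(), u, g, check(pc, "alice", "child", u, g));
        }
    }
}
```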