[ https://issues.apache.org/jira/browse/HDFS-11655?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16021947#comment-16021947 ]
Xiaoyu Yao commented on HDFS-11655:
-----------------------------------

Thanks [~cheersyang] for reporting the issue and posting the fix. The permission check in the patch is done at the RPC layer. Note these RPC methods may be invoked from other components such as KSM, CBlock server, etc. We may not run all these components using the same super user. If we really want to enforce this at RPC layer, we should have a whitelist instead of a single super user. If we enforce this only at the SCM Admin CLI, it should be fine to have a single super user though.

> Ozone: CLI: Guarantees user runs SCM commands has appropriate permission
> ------------------------------------------------------------------------
>
>                 Key: HDFS-11655
>                 URL: https://issues.apache.org/jira/browse/HDFS-11655
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>   Affects Versions: HDFS-7240
>            Reporter: Weiwei Yang
>            Assignee: Weiwei Yang
>              Labels: command-line, security
>         Attachments: HDFS-11655-HDFS-7240.001.patch, HDFS-11655-HDFS-7240.002.patch
>
>
> We need to add a permission check module for ozone command line utilities, to
> make sure users run commands with proper privileges. For now, commands in
> [design doc|https://issues.apache.org/jira/secure/attachment/12861478/storage-container-manager-cli-v002.pdf]
> all require admin privilege.

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org