[
https://issues.apache.org/jira/browse/HDFS-11655?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16021947#comment-16021947
]
Xiaoyu Yao commented on HDFS-11655:
-----------------------------------
Thanks [~cheersyang] for reporting the issue and posting the fix. The
permission check in the patch is done at the RPC layer. Note these RPC methods
maybe invoked from other components such as KSM, CBlock server, etc. We may not
run all these components using the same super user. If we really want to
enforce this at RPC layer, we should have a whitelist instead of a single super
user . If we enforce this only at the SCM Admin CLI, it should be fine to have
a single super user though.
> Ozone: CLI: Guarantees user runs SCM commands has appropriate permission
> ------------------------------------------------------------------------
>
> Key: HDFS-11655
> URL: https://issues.apache.org/jira/browse/HDFS-11655
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Affects Versions: HDFS-7240
> Reporter: Weiwei Yang
> Assignee: Weiwei Yang
> Labels: command-line, security
> Attachments: HDFS-11655-HDFS-7240.001.patch,
> HDFS-11655-HDFS-7240.002.patch
>
>
> We need to add a permission check module for ozone command line utilities, to
> make sure users run commands with proper privileges. For now, commands in
> [design doc|
> https://issues.apache.org/jira/secure/attachment/12861478/storage-container-manager-cli-v002.pdf]
> all require admin privilege.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
