[ https://issues.apache.org/jira/browse/HDFS-15051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16994281#comment-16994281 ]
Xiaoqiao He commented on HDFS-15051: ------------------------------------ {quote}We can change to have just superuser access, if only the admin is supposed to handle the mount points and we don't expect any user to be directly operating on the Router Mount points. {quote} I agree with that one hundred percent. Another side, if we open the update mount point privilege to all end user, there will be some other issues. Such as, end user change someone mount point from one namespace to another, but do not transfer data meanwhile, we could not keep the data consistency guarantee. {quote}User isn't suppose to know there is a router, then why he should have rights on Router Operations {quote} +1. I believe we should keep mount points transparently to end user. So it is reasonable to revoke this privilege in my own opinion. Any more information or consideration about the initial design will be better to determine what we should step forward. cc [~linyiqun] would you mind to offer some more suggestions? > RBF: Propose to revoke WRITE MountTableEntry privilege to super user only > ------------------------------------------------------------------------- > > Key: HDFS-15051 > URL: https://issues.apache.org/jira/browse/HDFS-15051 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: rbf > Reporter: Xiaoqiao He > Assignee: Xiaoqiao He > Priority: Major > Attachments: HDFS-15051.001.patch > > > The current permission checker of #MountTableStoreImpl is not very restrict. > In some case, any user could add/update/remove MountTableEntry without the > expected permission checking. > The following code segment try to check permission when operate > MountTableEntry, however mountTable object is from Client/RouterAdmin > {{MountTable mountTable = request.getEntry();}}, and user could pass any mode > which could bypass the permission checker. > {code:java} > public void checkPermission(MountTable mountTable, FsAction access) > throws AccessControlException { > if (isSuperUser()) { > return; > } > FsPermission mode = mountTable.getMode(); > if (getUser().equals(mountTable.getOwnerName()) > && mode.getUserAction().implies(access)) { > return; > } > if (isMemberOfGroup(mountTable.getGroupName()) > && mode.getGroupAction().implies(access)) { > return; > } > if (!getUser().equals(mountTable.getOwnerName()) > && !isMemberOfGroup(mountTable.getGroupName()) > && mode.getOtherAction().implies(access)) { > return; > } > throw new AccessControlException( > "Permission denied while accessing mount table " > + mountTable.getSourcePath() > + ": user " + getUser() + " does not have " + access.toString() > + " permissions."); > } > {code} > I just propose revoke WRITE MountTableEntry privilege to super user only. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org