[jira] [Commented] (HDFS-15051) RBF: Propose to revoke WRITE MountTableEntry privilege to super user only

Fri, 13 Dec 2019 10:06:07 -0800 


    [ 
https://issues.apache.org/jira/browse/HDFS-15051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16995802#comment-16995802
 ] 

Íñigo Goiri commented on HDFS-15051:
------------------------------------

I would extend the unit tests to cover:
* A mount table with permissions rwxrwxr-x and a user from the same group 
changing the destination (success) and a user from a different group failing to 
do so.
* Similar test for removal.

On top of this, we should make sure the admin user can change all this even 
with no permissions.

> RBF: Propose to revoke WRITE MountTableEntry privilege to super user only
> -------------------------------------------------------------------------
>
>                 Key: HDFS-15051
>                 URL: https://issues.apache.org/jira/browse/HDFS-15051
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: rbf
>            Reporter: Xiaoqiao He
>            Assignee: Xiaoqiao He
>            Priority: Major
>         Attachments: HDFS-15051.001.patch, HDFS-15051.002.patch
>
>
> The current permission checker of #MountTableStoreImpl is not very restrict. 
> In some case, any user could add/update/remove MountTableEntry without the 
> expected permission checking.
> The following code segment try to check permission when operate 
> MountTableEntry, however mountTable object is from Client/RouterAdmin 
> {{MountTable mountTable = request.getEntry();}}, and user could pass any mode 
> which could bypass the permission checker.
> {code:java}
>   public void checkPermission(MountTable mountTable, FsAction access)
>       throws AccessControlException {
>     if (isSuperUser()) {
>       return;
>     }
>     FsPermission mode = mountTable.getMode();
>     if (getUser().equals(mountTable.getOwnerName())
>         && mode.getUserAction().implies(access)) {
>       return;
>     }
>     if (isMemberOfGroup(mountTable.getGroupName())
>         && mode.getGroupAction().implies(access)) {
>       return;
>     }
>     if (!getUser().equals(mountTable.getOwnerName())
>         && !isMemberOfGroup(mountTable.getGroupName())
>         && mode.getOtherAction().implies(access)) {
>       return;
>     }
>     throw new AccessControlException(
>         "Permission denied while accessing mount table "
>             + mountTable.getSourcePath()
>             + ": user " + getUser() + " does not have " + access.toString()
>             + " permissions.");
>   }
> {code}
> I just propose revoke WRITE MountTableEntry privilege to super user only.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to