[
https://issues.apache.org/jira/browse/DRILL-8359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17643997#comment-17643997
]
ASF GitHub Bot commented on DRILL-8359:
---------------------------------------
cgivre commented on PR #2713:
URL: https://github.com/apache/drill/pull/2713#issuecomment-1339798220
> @cgivre
>
> > I guess my first question is whose permissions will these commands run
under?
> > Another thing to think about is making sure that users can't arbitrarily
add this code somehow to a query.
>
> They'll run under the Drill process user. That user doesn't need much
access to the OS but it generally will have lots of access, possibly including
write, to data storage.
My biggest concerns would be that a user could execute malicious commands
and escalate privileges or access things that they don't have access to.
However, in order to enable/disable plugins, the user has to be an admin
anyway, so I think it will be ok. I'd say we should be ok as long as we
provide a boot level option to disable it.
>
> > Another thing to think about is making sure that users can't arbitrarily
add this code somehow to a query.
>
> Can't table functions set format config options but not storage config
options?
You are correct.
> Add mount and unmount command support to the filesystem plugin
> --------------------------------------------------------------
>
> Key: DRILL-8359
> URL: https://issues.apache.org/jira/browse/DRILL-8359
> Project: Apache Drill
> Issue Type: Improvement
> Components: Storage - File
> Affects Versions: 1.20.2
> Reporter: James Turton
> Assignee: James Turton
> Priority: Minor
> Fix For: 2.0.0
>
>
> This Jira proposes optional mount and unmount commands in the filesystem
> plugin with the goal of enabling the dynamic definition of filesystem mounts
> in the storage configuration. It is mainly anticpiated that network and cloud
> filesystems that have FUSE drivers (sshfs, davfs, rclone, ...) will be used
> in this way but local device mounts and image/loop device mounts (ISO, IMG,
> squashfs, etc.) might also be of interest. Filesystems that can be mounted in
> this way become queryable by Drill cluster without burden of dedicated
> storage plugin development.
> The provided commands are executed in their own processes by the host OS and
> run under the OS user that is running the Drill JVM. The mount command will
> be executed when an enabled plugin is initialised (something that is done
> lazily) and whenever it transitions from disabled to enabled. The provided
> unmount command will be executed whenever a plugin transitions from enabled
> to disabled and when the Drillbit shuts down while the plugin has been
> initialised and is enabled.
> Example using udisks on Linux to mount and unmount an image of an ext4
> filesystem.
> {code:java}
> {
> "type" : "file",
> "connection" : "file:///",
> "mountCommand" : [ "sh", "-c", "udisksctl loop-setup -f /tmp/test.img &&
> udisksctl mount -b /dev/loop0" ],
> "unmountCommand" : [ "sh", "-c", "udisksctl unmount -b /dev/loop0 &&
> udisksctl loop-delete -b /dev/loop0" ],
> "workspaces" : {
> ...{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
