[ https://issues.apache.org/jira/browse/HDDS-5138?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Siddharth Wagle updated HDDS-5138:
----------------------------------
Summary: Upgrade related RPC calls should be allowed only for admins (was:
Upgade related RPC calls shold be allowed only for admins)
> Upgrade related RPC calls should be allowed only for admins
> -----------------------------------------------------------
>
> Key: HDDS-5138
> URL: https://issues.apache.org/jira/browse/HDDS-5138
> Project: Apache Ozone
> Issue Type: Sub-task
> Reporter: Marton Elek
> Assignee: Ethan Rose
> Priority: Blocker
>
> As far as I see, any user can finalize upgrade (and I assume the same is true
> for preparation).
> {code}
> bash-4.2$ kinit -kt /etc/security/keytabs/testuser.keytab testuser/scm
> bash-4.2$ ozone sh volume create /vol1
> PERMISSION_DENIED User testuser/[email protected] doesn't have CREATE
> permission to access volume vol1 null null
> {code}
> Failed as I am not an admin, but:
> {code}
> bash-4.2$ ozone admin scm finalizeupgrade
> Upgrade has already been finalized.
> Exiting...
> bash-4.2$
> {code}
> Please confirm, but I think a quick isAdmin check is missing from all the
> related RPC endpoints.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)