[
https://issues.apache.org/jira/browse/HDDS-7498?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Wei-Chiu Chuang updated HDDS-7498:
----------------------------------
Description:
Unauthorized user can use --user tag for different user(possibly super user)
and list all volumes. But cannot go into a bucket.I ran this command to list
volumes visible to another user(user1).
{noformat}
ozone sh volume list --user=user1 o3://ozone1/
{
"metadata" : { },
"name" : "archvol",
"admin" : "[email protected]",
"owner" : "ne1o",
"quotaInBytes" : 107374182400,
"quotaInNamespace" : -1,
"usedNamespace" : 1,
"creationTime" : "2022-09-12T01:10:36.944Z",
"modificationTime" : "2022-09-12T01:10:36.944Z",
"acls" : [ {
"type" : "USER",
"name" : "ne1o",
"aclScope" : "ACCESS",
"aclList" : [ "ALL" ]
}, {
{noformat}
> Deny users to list volumes without proper LIST permissions
> ----------------------------------------------------------
>
> Key: HDDS-7498
> URL: https://issues.apache.org/jira/browse/HDDS-7498
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Wei-Chiu Chuang
> Assignee: Wei-Chiu Chuang
> Priority: Major
>
> Unauthorized user can use --user tag for different user(possibly super user)
> and list all volumes. But cannot go into a bucket.I ran this command to list
> volumes visible to another user(user1).
> {noformat}
> ozone sh volume list --user=user1 o3://ozone1/
> {
> "metadata" : { },
> "name" : "archvol",
> "admin" : "[email protected]",
> "owner" : "ne1o",
> "quotaInBytes" : 107374182400,
> "quotaInNamespace" : -1,
> "usedNamespace" : 1,
> "creationTime" : "2022-09-12T01:10:36.944Z",
> "modificationTime" : "2022-09-12T01:10:36.944Z",
> "acls" : [ {
> "type" : "USER",
> "name" : "ne1o",
> "aclScope" : "ACCESS",
> "aclList" : [ "ALL" ]
> }, {
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
