[
https://issues.apache.org/jira/browse/ACCUMULO-3568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14315304#comment-14315304
]
Josh Elser commented on ACCUMULO-3568:
--------------------------------------
After much cursing, finally figured it out. The problem was not the client
doing something bad, but the server *using* the clients credentials instead of
its own.
{code}
@Override
public List<TDiskUsage> getDiskUsage(Set<String> tables, TCredentials
credentials) throws ThriftTableOperationException, ThriftSecurityException,
TException {
try {
final Credentials creds = Credentials.fromThrift(credentials);
Connector conn = instance.getConnector(creds.getPrincipal(),
creds.getToken());
{code}
That explains why I couldn't figure out what was seemingly different on the
client side -- it was nothing. The server should be using its own connector and
enforcing proper permissions to keep users from {{du}}'ing tables which they
have no access to.
> du shell command uses ServerClient incorrectly
> ----------------------------------------------
>
> Key: ACCUMULO-3568
> URL: https://issues.apache.org/jira/browse/ACCUMULO-3568
> Project: Accumulo
> Issue Type: Bug
> Components: shell
> Environment: kerberos
> Reporter: Josh Elser
> Assignee: Josh Elser
> Priority: Critical
> Fix For: 1.7.0
>
>
> {{TableOperationsImpl.getDiskUsage}} uses the {{ServerClient}} class which is
> meant for Accumulo services to use to communicate with each other. This
> results in the authentication performed for this method being performed
> (incorrectly) as the system instead of the client.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
