[
https://issues.apache.org/jira/browse/HADOOP-14581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16082108#comment-16082108
]
Steve Loughran commented on HADOOP-14581:
-----------------------------------------
Patch 003
This is just patch 002 with the conflict in
{{TestNativeAzureFileSystemAuthorization}} with HADOOP-14443 fixed, and the new
imports re-orded to go with our preferred layout.
[~vahemesw] this is ready apart from checkstyle. & docs
Remember to hit the "submit patch" button to run it by Yetus. It doesn't run
the azure test (hence the need to explicitly declare it), but it does run it
through our style checks, and once HADOOP-14553 splits up unit and integration
tests, the mock tests will be run by yetus.
# Here a lot of the code is going to be rejected by the line with. Apart from
the special cases where *some* wider lines helps readability, the project
requires lines to be <= 80 chars wide. Why? it's so that the [git patch
viewer|https://chrome.google.com/webstore/detail/git-patch-viewer/hkoggakcdopbgnaeeidcmopfekipkleg]
can do side-by-side checking better.
# Needs documentation in hadoop-tools/hadoop-azure/src/site/markdown/index.md
. No good having new features if they are kept secret.
Thanks
> Restrict setOwner to list of user when security is enabled in wasb
> ------------------------------------------------------------------
>
> Key: HADOOP-14581
> URL: https://issues.apache.org/jira/browse/HADOOP-14581
> Project: Hadoop Common
> Issue Type: Bug
> Components: fs/azure
> Affects Versions: 3.0.0-alpha3
> Reporter: Varada Hemeswari
> Assignee: Varada Hemeswari
> Labels: azure, fs, secure, wasb
> Attachments: HADOOP-14581-003.patch, HADOOP-14581.1.patch,
> HADOOP-14581.2.patch
>
>
> Currently in azure FS, setOwner api is exposed to all the users accessing the
> file system.
> When Authorization is enabled, access to some files/folders is given to
> particular users based on whether the user is the owner of the file.
> So setOwner has to be restricted to limited set of users to prevent users
> from exploiting owner based authorization of files and folders.
> Introducing a new config called fs.azure.chown.allowed.userlist which is a
> comma seperated list of users who are allowed to perform chown operation when
> authorization is enabled.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
