[jira] [Commented] (HADOOP-14581) Restrict setOwner to list of user when security is enabled in wasb

Wed, 12 Jul 2017 03:39:08 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-14581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16083737#comment-16083737
 ] 

Hudson commented on HADOOP-14581:
---------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11992 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/11992/])
HADOOP-14581. Restrict setOwner to list of user when security is enabled 
(stevel: rev 7d272ea124615c493c60ad454fbd6f144dd3cc24)
* (edit) hadoop-tools/hadoop-azure/src/site/markdown/index.md
* (edit) 
hadoop-tools/hadoop-azure/src/test/java/org/apache/hadoop/fs/azure/TestNativeAzureFileSystemAuthorization.java
* (edit) 
hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azure/NativeAzureFileSystem.java


> Restrict setOwner to list of user when security is enabled in wasb
> ------------------------------------------------------------------
>
>                 Key: HADOOP-14581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14581
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs/azure
>    Affects Versions: 3.0.0-alpha3
>            Reporter: Varada Hemeswari
>            Assignee: Varada Hemeswari
>              Labels: azure, fs, secure, wasb
>             Fix For: 2.9.0, 3.0.0-beta1
>
>         Attachments: HADOOP-14581-003.patch, HADOOP-14581.1.patch, 
> HADOOP-14581.2.patch, HADOOP-14581.4.patch
>
>
> Currently in azure FS, setOwner api is exposed to all the users accessing the 
> file system.
> When Authorization is enabled, access to some files/folders is given to 
> particular users based on whether the user is the owner of the file.
> So setOwner has to be restricted to limited set of users to prevent users 
> from exploiting owner based authorization of files and folders.
> Introducing a new config called fs.azure.chown.allowed.userlist which is a 
> comma seperated list of users who are allowed to perform chown operation when 
> authorization is enabled.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to