[
https://issues.apache.org/jira/browse/HADOOP-14581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16083750#comment-16083750
]
Steve Loughran commented on HADOOP-14581:
-----------------------------------------
(Had to add a second patch to get branch-2 to compile; java 7 doesn't like us
using non-final variables in inner classes/closures. My fault for not testing
the branch-2 build before committing it)
> Restrict setOwner to list of user when security is enabled in wasb
> ------------------------------------------------------------------
>
> Key: HADOOP-14581
> URL: https://issues.apache.org/jira/browse/HADOOP-14581
> Project: Hadoop Common
> Issue Type: Bug
> Components: fs/azure
> Affects Versions: 3.0.0-alpha3
> Reporter: Varada Hemeswari
> Assignee: Varada Hemeswari
> Labels: azure, fs, secure, wasb
> Fix For: 2.9.0, 3.0.0-beta1
>
> Attachments: HADOOP-14581-003.patch, HADOOP-14581.1.patch,
> HADOOP-14581.2.patch, HADOOP-14581.4.patch
>
>
> Currently in azure FS, setOwner api is exposed to all the users accessing the
> file system.
> When Authorization is enabled, access to some files/folders is given to
> particular users based on whether the user is the owner of the file.
> So setOwner has to be restricted to limited set of users to prevent users
> from exploiting owner based authorization of files and folders.
> Introducing a new config called fs.azure.chown.allowed.userlist which is a
> comma seperated list of users who are allowed to perform chown operation when
> authorization is enabled.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
