[
https://issues.apache.org/jira/browse/HADOOP-14899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16194481#comment-16194481
]
Kannapiran Srinivasan commented on HADOOP-14899:
------------------------------------------------
[[email protected]] : I have updated the patch with following fixes
* L698: I think it is better to have a separate list defined for chmod allowed
users instead of using a common one for both chown and chmod. Because this
gives a flexibility to configure different set of allowed users for both chmod
& chown. I have reverted the code back to use fs.azure.chown.allowed.userlist
for chown.
* L2916: Fixed
* L2980: Fixed
* L7971. chmod & chown should check against the current user not the
actualUser. actualUser is set in the context of impersonation. Earlier logic on
setPermission was wrongly checking the actualUser instead of currentUser. Yes
getCurrentUser should not be null during chmod / chown calls irrespective of
impersonation enabled or not
* L3055. Cached the user lists (chown, chmod & daemon) during the init &
enabled set of helper methods for tests to update them during test runs
* Refactoring is done on the testcases as mentioned in the commentÂ
Apart from this I have fixed testcases related to setOwner
(testSetOwnerThrowsForUnauthorisedUsers, testSetOwnerFailsForIllegalSetup,
testSetOwnerThrowsForUnauthorisedUsers &
testSetOwnerSucceedsForAnyUserWhenWildCardIsSpecified)
All the tests have passed in hadoop-azure in both secure and unsecure mode.
Tested against storage account in South India
> Restrict Access to setPermission operation when authorization is enabled in
> WASB
> --------------------------------------------------------------------------------
>
> Key: HADOOP-14899
> URL: https://issues.apache.org/jira/browse/HADOOP-14899
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/azure
> Reporter: Kannapiran Srinivasan
> Assignee: Kannapiran Srinivasan
> Labels: fs, secure, wasb
> Attachments: HADOOP-14899-001.patch, HADOOP-14899-002.patch,
> HADOOP-14899-003.patch, HADOOP-14899-004.patch
>
>
> In case of authorization enabled Wasb clusters, we need to restrict setting
> permissions on files or folders to owner or list of privileged users.
> Currently in the WASB implementation even when authorization is enabled there
> is no check happens while doing setPermission call. In this JIRA we would
> like to add the check on the setPermission call in NativeAzureFileSystem
> implementation so that only owner or the privileged list of users or daemon
> users can change the permissions of files/folders
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
