[jira] [Commented] (HADOOP-14935) Azure: POSIX permissions are taking effect in access() method even when authorization is enabled

Wed, 11 Oct 2017 17:29:34 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-14935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16201270#comment-16201270
 ] 

Thomas Marquardt commented on HADOOP-14935:
-------------------------------------------

Some feedback on HADOOP-14935-003.patch.

*NativeAzureFileSystem.java*
 *L2665* - Instead of introducing a new config option, please use the 
{{azureAuthorization}} config option.  The code
         in the patch on *L2669* thru *L2679* was added recently in commit 
928820 specifically for authorization, so you can use {{azureAuthorization}}.

 *L3722* - Hmm, as part of another JIRA, someone should define 
{{FileSystem.access}} in the documentation and add contract tests.

 *L3739* & *L3740* - Shouldn't we have {{WasbAuthorizationOperations.ALL}} to 
avoid multiple network calls for {{READ}} and {{WRITE}}?  I suppose it may be 
too late for this change.

> Azure: POSIX permissions are taking effect in access() method even when 
> authorization is enabled
> ------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-14935
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14935
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/azure
>    Affects Versions: 2.9.0
>            Reporter: Santhosh G Nayak
>            Assignee: Santhosh G Nayak
>         Attachments: HADOOP-14935-003.patch, HADOOP-14935.1.patch, 
> HADOOP-14935.2.patch
>
>
> FileSystem implementation class for azure i.e. {{NativeAzureFileSystem}} does 
> not override {{access(path,mode)}} method and uses the default implementation 
> from the base class. This base implementaion uses the POSIX permissions to 
> check if the requested user has access to given path or not even when 
> authorization is enabled, which is incorrect.
> {{NativeAzureFileSystem.access()}} in authorization enabled mode should use 
> the authorization mechanism provided instead of relying on the POSIX 
> permission ons. So the proposal is to override {{FileSystem.access()}} method 
> in {{NativeAzureFileSystem}} such that it honors the authorization mechanism 
> configured in authorization enabled mode and falls back to POSIX permissions 
> otherwise.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to