[
https://issues.apache.org/jira/browse/HADOOP-14935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16201828#comment-16201828
]
Santhosh G Nayak commented on HADOOP-14935:
-------------------------------------------
{quote}
L2665 - Instead of introducing a new config option, please use the
azureAuthorization config option. The code
in the patch on L2669 thru L2679 was added recently in commit 928820
specifically for authorization, so you can use azureAuthorization.
{quote}
{{azureAuthorization}} is added to enable/disable authorization for all the
FileSystem apis, whereas configuration property
{{fs.azure.enable.authorization.getfilestatus}} is introduced to enable/disable
the authorization on {{getFileStatus()}}.
{quote}
L3739 & L3740 - Shouldn't we have WasbAuthorizationOperations.ALL to avoid
multiple network calls for READ and WRITE? I suppose it may be too late for
this change.
{quote}
I agree that it affects the overall latency of {{access()}} operation. However,
we are having this requirement only in {{access()}}, whose usage is not high
compared to other apis. So, I would prefer to keep this as is.
> Azure: POSIX permissions are taking effect in access() method even when
> authorization is enabled
> ------------------------------------------------------------------------------------------------
>
> Key: HADOOP-14935
> URL: https://issues.apache.org/jira/browse/HADOOP-14935
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/azure
> Affects Versions: 2.9.0
> Reporter: Santhosh G Nayak
> Assignee: Santhosh G Nayak
> Attachments: HADOOP-14935-003.patch, HADOOP-14935.1.patch,
> HADOOP-14935.2.patch
>
>
> FileSystem implementation class for azure i.e. {{NativeAzureFileSystem}} does
> not override {{access(path,mode)}} method and uses the default implementation
> from the base class. This base implementaion uses the POSIX permissions to
> check if the requested user has access to given path or not even when
> authorization is enabled, which is incorrect.
> {{NativeAzureFileSystem.access()}} in authorization enabled mode should use
> the authorization mechanism provided instead of relying on the POSIX
> permission ons. So the proposal is to override {{FileSystem.access()}} method
> in {{NativeAzureFileSystem}} such that it honors the authorization mechanism
> configured in authorization enabled mode and falls back to POSIX permissions
> otherwise.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
