[ https://issues.apache.org/jira/browse/HADOOP-14935?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Steve Loughran updated HADOOP-14935: ------------------------------------ Attachment: HADOOP-14935-005.patch I'm going to attach patch 005. This is patch 004 with all support for auth on getFileStatus removed. That is, the code in patch 4 and HADOOP-14845 cut out: there's no auth checking going on in that call. I've not reverted all of HADOOP-14845; it retains the {{getFileStatusInternal()}} and {{existsInternal()}} calls. Why so? # In S3A it turned out to be useful to have the split, especially related to error translation & retry # makes it easier to reinstate file status auth; changes to production code will be limited to getFileStatus only. Testing Azure ireland. > Azure: POSIX permissions are taking effect in access() method even when > authorization is enabled > ------------------------------------------------------------------------------------------------ > > Key: HADOOP-14935 > URL: https://issues.apache.org/jira/browse/HADOOP-14935 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/azure > Affects Versions: 2.9.0 > Reporter: Santhosh G Nayak > Assignee: Santhosh G Nayak > Attachments: HADOOP-14935-003.patch, HADOOP-14935-004.patch, > HADOOP-14935-005.patch, HADOOP-14935.1.patch, HADOOP-14935.2.patch > > > FileSystem implementation class for azure i.e. {{NativeAzureFileSystem}} does > not override {{access(path,mode)}} method and uses the default implementation > from the base class. This base implementaion uses the POSIX permissions to > check if the requested user has access to given path or not even when > authorization is enabled, which is incorrect. > {{NativeAzureFileSystem.access()}} in authorization enabled mode should use > the authorization mechanism provided instead of relying on the POSIX > permission ons. So the proposal is to override {{FileSystem.access()}} method > in {{NativeAzureFileSystem}} such that it honors the authorization mechanism > configured in authorization enabled mode and falls back to POSIX permissions > otherwise. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org