[jira] [Updated] (HADOOP-14935) Azure: POSIX permissions are taking effect in access() method even when authorization is enabled

Fri, 13 Oct 2017 10:02:24 -0700 

     [ 
https://issues.apache.org/jira/browse/HADOOP-14935?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Steve Loughran updated HADOOP-14935:
------------------------------------
    Attachment: HADOOP-14935-005.patch

I'm going to attach patch 005. This is patch 004 with all support for auth on 
getFileStatus removed. That is, the code in patch 4 and HADOOP-14845 cut out: 
there's no auth checking going on in that call.

I've not reverted all of HADOOP-14845; it retains the 
{{getFileStatusInternal()}} and {{existsInternal()}} calls. Why so? 

# In S3A it turned out to be useful to have the split, especially related to 
error translation & retry
# makes it easier to reinstate file status auth; changes to production code 
will be limited to getFileStatus only.

Testing Azure ireland.

> Azure: POSIX permissions are taking effect in access() method even when 
> authorization is enabled
> ------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-14935
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14935
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/azure
>    Affects Versions: 2.9.0
>            Reporter: Santhosh G Nayak
>            Assignee: Santhosh G Nayak
>         Attachments: HADOOP-14935-003.patch, HADOOP-14935-004.patch, 
> HADOOP-14935-005.patch, HADOOP-14935.1.patch, HADOOP-14935.2.patch
>
>
> FileSystem implementation class for azure i.e. {{NativeAzureFileSystem}} does 
> not override {{access(path,mode)}} method and uses the default implementation 
> from the base class. This base implementaion uses the POSIX permissions to 
> check if the requested user has access to given path or not even when 
> authorization is enabled, which is incorrect.
> {{NativeAzureFileSystem.access()}} in authorization enabled mode should use 
> the authorization mechanism provided instead of relying on the POSIX 
> permission ons. So the proposal is to override {{FileSystem.access()}} method 
> in {{NativeAzureFileSystem}} such that it honors the authorization mechanism 
> configured in authorization enabled mode and falls back to POSIX permissions 
> otherwise.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to