-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56700/
-----------------------------------------------------------
(Updated 三月 10, 2017, 1:45 a.m.)
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Ramesh Mani,
Selvamohan Neethiraj, and Velmurugan Periasamy.
Bugs: RANGER-1386
https://issues.apache.org/jira/browse/RANGER-1386
Repository: ranger
Description
-------
steps:
1.User yuwen does't has the permission to put a.txt in hdfs Catalog /test
[yuwen@zdh41 bin]$ ./hdfs dfs -put /home/xiehh/a.txt /test
put: Permission denied: user=yuwen, access=WRITE,
inode="/test/a.txt._COPYING_":xiehh:supergroup:drwxr-xr-x
2.Execute enable-hdfs-plugin.sh and Restart hadoop-hdfs, ranger authorization
control enabled.
We add policy to give permission for user yuwen to put a file in web UI.
[yuwen@zdh41 bin]$ ./hdfs dfs -put /home/xiehh/a.txt /test
[yuwen@zdh41 bin]$ ./hdfs dfs -ls /test
Found 1 items
-rw-r--r-- 3 yuwen supergroup 15 2017-02-20 17:07 /test/a.txt
3. Execute disable-hdfs-plugin.sh and Restart hadoop-hdfs
user yuwen shouldn't have the permission to put a file in Catalog /test
but he also has the rights ,ranger hdfs-plugin function not revoked
This is a serious problem which cause hadoop-hdfs authorization failed.
Diffs (updated)
-----
hdfs-agent/disable-conf/hdfs-site-changes.cfg PRE-CREATION
src/main/assembly/hdfs-agent.xml 63e426a
Diff: https://reviews.apache.org/r/56700/diff/2/
Changes: https://reviews.apache.org/r/56700/diff/1-2/
Testing
-------
Thanks,
Qiang Zhang
