[jira] [Commented] (STORM-438) SimpleACLAuthorizer should allow users with same keytab as supervisor to perform user operations

Tue, 05 Aug 2014 09:25:24 -0700 

    [ 
https://issues.apache.org/jira/browse/STORM-438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14086458#comment-14086458
 ] 

Derek Dagit commented on STORM-438:
-----------------------------------

OK. Can we add 'getClusterInfo' to the list of operations that the supervisor 
is allowed to do?  We just want to make sure that we don't accidentally allow 
launching of storm topologies by the supervisor user—that is what is really 
important here.

The use case makes sense, although with the default to-local plugin, I think we 
assume that there is a link between user names and kerberos principals.   
Normally, we would never access the UI or launch a nimbus client interactively 
as the same user who runs the supervisor.

If there are cases where a normal (non-admin) user 'storm' exists distinct from 
the kerberos principal "storm@$DOMAIN", then it seems we would need a different 
toLocal plugin to handle the translation and also we would need to update the 
supervisor users list with the local value of the principal.

> SimpleACLAuthorizer should allow users with same keytab as supervisor to 
> perform user operations
> ------------------------------------------------------------------------------------------------
>
>                 Key: STORM-438
>                 URL: https://issues.apache.org/jira/browse/STORM-438
>             Project: Apache Storm (Incubating)
>          Issue Type: Bug
>            Reporter: Sriharsha Chintalapani
>            Priority: Minor
>              Labels: Security
>
> Storm security allows user to provider jaas.conf with StormServer and 
> StormClient. If the user who is submitting a topology uses StormClient keytab 
>  than it would throw AuthorizationException. In SimpleACLAuthorizer we check 
> if supervisor_users contains context user if that matches we return true or 
> false if the operation requested is a supervisor operation.
> In the above case it would return false as user exists in supervisors and the 
> operation requested would be "getClusterInfo". This shouldn't fail since its 
> part of userOperations.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to