[
https://issues.apache.org/jira/browse/HDFS-10422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tianyin Xu updated HDFS-10422:
------------------------------
Summary: Do not throw AccessControlException for syntax errors of
security.hdfs.unreadable.by.superuser (was: Do not throw
AccessControlException for {{security.hdfs.unreadable.by.superuser}} ops)
> Do not throw AccessControlException for syntax errors of
> security.hdfs.unreadable.by.superuser
> ----------------------------------------------------------------------------------------------
>
> Key: HDFS-10422
> URL: https://issues.apache.org/jira/browse/HDFS-10422
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: namenode
> Affects Versions: 2.7.2
> Reporter: Tianyin Xu
>
> The xattr {{security.hdfs.unreadable.by.superuser}} has certain syntax rules:
> "this xattr is also write-once, and cannot be removed once set. This xattr
> does not allow a value to be set."
> [https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/ExtendedAttributes.html]
> Upon violation, the system should throw {{IllegalArgumentException}}, the
> same behaviour like the other xattrs such as
> {{raw.hdfs.crypto.encryption.zone}}.
> Currently, it always throws {{AccessControlException}} which is supposed to
> be something related to access control. The only case
> {{AccessControlException}} should be thrown is when the superuser tries to
> access the file, but *not* anything else.
> If the user set any value, it violates the syntax of the xattr (this xattr
> does not need values) which has nothing to do with access control:
> {code:title=XAttrPermissionFilter.java|borderStyle=solid}
> if (XAttrHelper.getPrefixedName(xAttr).
> equals(SECURITY_XATTR_UNREADABLE_BY_SUPERUSER)) {
> if (xAttr.getValue() != null) {
> throw new AccessControlException("Attempt to set a value for '" +
> SECURITY_XATTR_UNREADABLE_BY_SUPERUSER +
> "'. Values are not allowed for this xattr.");
> }
> return;
> }
> {code}
> \\
> Similarly, if the user wants to remove the xattr, it should throw
> {{IllegalArgumentException}} just like the encryption xattr in the following
> code. Basically I don't understand why the encryption xattr throws an
> {{IllegalArgumentException}} (via the {{checkArgument}} call) but the
> {{security.hdfs.unreadable.by.superuser}} xattr throws an
> {{AccessControlException}}. It's the same thing here: both of them cannot be
> removed...
> {code:title=XAttrPermissionFilter.java|borderStyle=solid}
> Preconditions.checkArgument(
> !KEYID_XATTR.equalsIgnoreValue(filter),
> "The encryption zone xattr should never be deleted.");
> if (UNREADABLE_BY_SUPERUSER_XATTR.equalsIgnoreValue(filter)) {
> throw new AccessControlException("The xattr '" +
> SECURITY_XATTR_UNREADABLE_BY_SUPERUSER + "' can not be
> deleted.");
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
