[jira] [Updated] (HDFS-10422) Do not throw AccessControlException for syntax errors of security.hdfs.unreadable.by.superuser

Tianyin Xu (JIRA) Tue, 17 May 2016 18:29:00 -0700

     [ 
https://issues.apache.org/jira/browse/HDFS-10422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tianyin Xu updated HDFS-10422:
------------------------------
    Description: 
The xattr {{security.hdfs.unreadable.by.superuser}} has certain syntax rules: 
"this xattr is also write-once, and cannot be removed once set. This xattr does 
not allow a value to be set."
[https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/ExtendedAttributes.html]

Upon violation, the system should throw {{IllegalArgumentException}} to keep 
the consistent behaviour with the other xattrs such as 
{{raw.hdfs.crypto.encryption.zone}}. 

Currently, it always throws {{AccessControlException}} which is supposed to be 
something related to access control. The only case {{AccessControlException}} 
should be thrown is when the superuser tries to access the file, but *not* 
anything else. 

If the user set any value, it violates the syntax of the xattr (this xattr does 
not need values) which has nothing to do with access control:
{code:title=XAttrPermissionFilter.java|borderStyle=solid}
    if (XAttrHelper.getPrefixedName(xAttr).
        equals(SECURITY_XATTR_UNREADABLE_BY_SUPERUSER)) {
      if (xAttr.getValue() != null) {
        throw new AccessControlException("Attempt to set a value for '" +
            SECURITY_XATTR_UNREADABLE_BY_SUPERUSER +
            "'. Values are not allowed for this xattr.");
      }   
      return;
    }   
{code} 
\\

Similarly, if the user wants to remove the xattr, it should throw 
{{IllegalArgumentException}} just like the encryption xattr in the following 
code. Basically I don't understand why the encryption xattr throws an 
{{IllegalArgumentException}} (via the {{checkArgument}} call) but the 
{{security.hdfs.unreadable.by.superuser}} xattr throws an 
{{AccessControlException}}. It's the same thing here: both of them cannot be 
removed...
{code:title=XAttrPermissionFilter.java|borderStyle=solid}
        Preconditions.checkArgument(
            !KEYID_XATTR.equalsIgnoreValue(filter),
            "The encryption zone xattr should never be deleted.");
        if (UNREADABLE_BY_SUPERUSER_XATTR.equalsIgnoreValue(filter)) {
          throw new AccessControlException("The xattr '" +
              SECURITY_XATTR_UNREADABLE_BY_SUPERUSER + "' can not be deleted.");
        }   
{code} 



  was:
The xattr {{security.hdfs.unreadable.by.superuser}} has certain syntax rules: 
"this xattr is also write-once, and cannot be removed once set. This xattr does 
not allow a value to be set."
[https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/ExtendedAttributes.html]

Upon violation, the system should throw {{IllegalArgumentException}}, the same 
behaviour like the other xattrs such as {{raw.hdfs.crypto.encryption.zone}}. 

Currently, it always throws {{AccessControlException}} which is supposed to be 
something related to access control. The only case {{AccessControlException}} 
should be thrown is when the superuser tries to access the file, but *not* 
anything else. 

If the user set any value, it violates the syntax of the xattr (this xattr does 
not need values) which has nothing to do with access control:
{code:title=XAttrPermissionFilter.java|borderStyle=solid}
    if (XAttrHelper.getPrefixedName(xAttr).
        equals(SECURITY_XATTR_UNREADABLE_BY_SUPERUSER)) {
      if (xAttr.getValue() != null) {
        throw new AccessControlException("Attempt to set a value for '" +
            SECURITY_XATTR_UNREADABLE_BY_SUPERUSER +
            "'. Values are not allowed for this xattr.");
      }   
      return;
    }   
{code} 
\\

Similarly, if the user wants to remove the xattr, it should throw 
{{IllegalArgumentException}} just like the encryption xattr in the following 
code. Basically I don't understand why the encryption xattr throws an 
{{IllegalArgumentException}} (via the {{checkArgument}} call) but the 
{{security.hdfs.unreadable.by.superuser}} xattr throws an 
{{AccessControlException}}. It's the same thing here: both of them cannot be 
removed...
{code:title=XAttrPermissionFilter.java|borderStyle=solid}
        Preconditions.checkArgument(
            !KEYID_XATTR.equalsIgnoreValue(filter),
            "The encryption zone xattr should never be deleted.");
        if (UNREADABLE_BY_SUPERUSER_XATTR.equalsIgnoreValue(filter)) {
          throw new AccessControlException("The xattr '" +
              SECURITY_XATTR_UNREADABLE_BY_SUPERUSER + "' can not be deleted.");
        }   
{code} 




> Do not throw AccessControlException for syntax errors of 
> security.hdfs.unreadable.by.superuser
> ----------------------------------------------------------------------------------------------
>
>                 Key: HDFS-10422
>                 URL: https://issues.apache.org/jira/browse/HDFS-10422
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: 2.7.2
>            Reporter: Tianyin Xu
>
> The xattr {{security.hdfs.unreadable.by.superuser}} has certain syntax rules: 
> "this xattr is also write-once, and cannot be removed once set. This xattr 
> does not allow a value to be set."
> [https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/ExtendedAttributes.html]
> Upon violation, the system should throw {{IllegalArgumentException}} to keep 
> the consistent behaviour with the other xattrs such as 
> {{raw.hdfs.crypto.encryption.zone}}. 
> Currently, it always throws {{AccessControlException}} which is supposed to 
> be something related to access control. The only case 
> {{AccessControlException}} should be thrown is when the superuser tries to 
> access the file, but *not* anything else. 
> If the user set any value, it violates the syntax of the xattr (this xattr 
> does not need values) which has nothing to do with access control:
> {code:title=XAttrPermissionFilter.java|borderStyle=solid}
>     if (XAttrHelper.getPrefixedName(xAttr).
>         equals(SECURITY_XATTR_UNREADABLE_BY_SUPERUSER)) {
>       if (xAttr.getValue() != null) {
>         throw new AccessControlException("Attempt to set a value for '" +
>             SECURITY_XATTR_UNREADABLE_BY_SUPERUSER +
>             "'. Values are not allowed for this xattr.");
>       }   
>       return;
>     }   
> {code} 
> \\
> Similarly, if the user wants to remove the xattr, it should throw 
> {{IllegalArgumentException}} just like the encryption xattr in the following 
> code. Basically I don't understand why the encryption xattr throws an 
> {{IllegalArgumentException}} (via the {{checkArgument}} call) but the 
> {{security.hdfs.unreadable.by.superuser}} xattr throws an 
> {{AccessControlException}}. It's the same thing here: both of them cannot be 
> removed...
> {code:title=XAttrPermissionFilter.java|borderStyle=solid}
>         Preconditions.checkArgument(
>             !KEYID_XATTR.equalsIgnoreValue(filter),
>             "The encryption zone xattr should never be deleted.");
>         if (UNREADABLE_BY_SUPERUSER_XATTR.equalsIgnoreValue(filter)) {
>           throw new AccessControlException("The xattr '" +
>               SECURITY_XATTR_UNREADABLE_BY_SUPERUSER + "' can not be 
> deleted.");
>         }   
> {code} 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

[jira] [Updated] (HDFS-10422) Do not throw AccessControlException for syntax errors of security.hdfs.unreadable.by.superuser

Reply via email to