[ https://issues.apache.org/jira/browse/HDFS-10422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tianyin Xu updated HDFS-10422: ------------------------------ Description: The xattr {{security.hdfs.unreadable.by.superuser}} has certain syntax rules: "this xattr is also write-once, and cannot be removed once set. This xattr does not allow a value to be set." [https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/ExtendedAttributes.html] Upon violation, the system should throw {{IllegalArgumentException}} to keep the consistent behaviour with the other xattrs such as {{raw.hdfs.crypto.encryption.zone}}. Currently, it always throws {{AccessControlException}} which is supposed to be something related to access control. The only case {{AccessControlException}} should be thrown is when the superuser tries to access the file, but *not* anything else. If the user set any value, it violates the syntax of the xattr (this xattr does not need values) which has nothing to do with access control: {code:title=XAttrPermissionFilter.java|borderStyle=solid} if (XAttrHelper.getPrefixedName(xAttr). equals(SECURITY_XATTR_UNREADABLE_BY_SUPERUSER)) { if (xAttr.getValue() != null) { throw new AccessControlException("Attempt to set a value for '" + SECURITY_XATTR_UNREADABLE_BY_SUPERUSER + "'. Values are not allowed for this xattr."); } return; } {code} \\ Similarly, if the user wants to remove the xattr, it should throw {{IllegalArgumentException}} just like the encryption xattr in the following code. Basically I don't understand why the encryption xattr throws an {{IllegalArgumentException}} (via the {{checkArgument}} call) but the {{security.hdfs.unreadable.by.superuser}} xattr throws an {{AccessControlException}}. It's the same thing here: both of them cannot be removed... {code:title=XAttrPermissionFilter.java|borderStyle=solid} Preconditions.checkArgument( !KEYID_XATTR.equalsIgnoreValue(filter), "The encryption zone xattr should never be deleted."); if (UNREADABLE_BY_SUPERUSER_XATTR.equalsIgnoreValue(filter)) { throw new AccessControlException("The xattr '" + SECURITY_XATTR_UNREADABLE_BY_SUPERUSER + "' can not be deleted."); } {code} was: The xattr {{security.hdfs.unreadable.by.superuser}} has certain syntax rules: "this xattr is also write-once, and cannot be removed once set. This xattr does not allow a value to be set." [https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/ExtendedAttributes.html] Upon violation, the system should throw {{IllegalArgumentException}}, the same behaviour like the other xattrs such as {{raw.hdfs.crypto.encryption.zone}}. Currently, it always throws {{AccessControlException}} which is supposed to be something related to access control. The only case {{AccessControlException}} should be thrown is when the superuser tries to access the file, but *not* anything else. If the user set any value, it violates the syntax of the xattr (this xattr does not need values) which has nothing to do with access control: {code:title=XAttrPermissionFilter.java|borderStyle=solid} if (XAttrHelper.getPrefixedName(xAttr). equals(SECURITY_XATTR_UNREADABLE_BY_SUPERUSER)) { if (xAttr.getValue() != null) { throw new AccessControlException("Attempt to set a value for '" + SECURITY_XATTR_UNREADABLE_BY_SUPERUSER + "'. Values are not allowed for this xattr."); } return; } {code} \\ Similarly, if the user wants to remove the xattr, it should throw {{IllegalArgumentException}} just like the encryption xattr in the following code. Basically I don't understand why the encryption xattr throws an {{IllegalArgumentException}} (via the {{checkArgument}} call) but the {{security.hdfs.unreadable.by.superuser}} xattr throws an {{AccessControlException}}. It's the same thing here: both of them cannot be removed... {code:title=XAttrPermissionFilter.java|borderStyle=solid} Preconditions.checkArgument( !KEYID_XATTR.equalsIgnoreValue(filter), "The encryption zone xattr should never be deleted."); if (UNREADABLE_BY_SUPERUSER_XATTR.equalsIgnoreValue(filter)) { throw new AccessControlException("The xattr '" + SECURITY_XATTR_UNREADABLE_BY_SUPERUSER + "' can not be deleted."); } {code} > Do not throw AccessControlException for syntax errors of > security.hdfs.unreadable.by.superuser > ---------------------------------------------------------------------------------------------- > > Key: HDFS-10422 > URL: https://issues.apache.org/jira/browse/HDFS-10422 > Project: Hadoop HDFS > Issue Type: Bug > Components: namenode > Affects Versions: 2.7.2 > Reporter: Tianyin Xu > > The xattr {{security.hdfs.unreadable.by.superuser}} has certain syntax rules: > "this xattr is also write-once, and cannot be removed once set. This xattr > does not allow a value to be set." > [https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/ExtendedAttributes.html] > Upon violation, the system should throw {{IllegalArgumentException}} to keep > the consistent behaviour with the other xattrs such as > {{raw.hdfs.crypto.encryption.zone}}. > Currently, it always throws {{AccessControlException}} which is supposed to > be something related to access control. The only case > {{AccessControlException}} should be thrown is when the superuser tries to > access the file, but *not* anything else. > If the user set any value, it violates the syntax of the xattr (this xattr > does not need values) which has nothing to do with access control: > {code:title=XAttrPermissionFilter.java|borderStyle=solid} > if (XAttrHelper.getPrefixedName(xAttr). > equals(SECURITY_XATTR_UNREADABLE_BY_SUPERUSER)) { > if (xAttr.getValue() != null) { > throw new AccessControlException("Attempt to set a value for '" + > SECURITY_XATTR_UNREADABLE_BY_SUPERUSER + > "'. Values are not allowed for this xattr."); > } > return; > } > {code} > \\ > Similarly, if the user wants to remove the xattr, it should throw > {{IllegalArgumentException}} just like the encryption xattr in the following > code. Basically I don't understand why the encryption xattr throws an > {{IllegalArgumentException}} (via the {{checkArgument}} call) but the > {{security.hdfs.unreadable.by.superuser}} xattr throws an > {{AccessControlException}}. It's the same thing here: both of them cannot be > removed... > {code:title=XAttrPermissionFilter.java|borderStyle=solid} > Preconditions.checkArgument( > !KEYID_XATTR.equalsIgnoreValue(filter), > "The encryption zone xattr should never be deleted."); > if (UNREADABLE_BY_SUPERUSER_XATTR.equalsIgnoreValue(filter)) { > throw new AccessControlException("The xattr '" + > SECURITY_XATTR_UNREADABLE_BY_SUPERUSER + "' can not be > deleted."); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org