[
https://issues.apache.org/jira/browse/HDFS-11991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16055561#comment-16055561
]
Weiwei Yang commented on HDFS-11991:
------------------------------------
Hi [~anu]
I am not 100% sure yet, any suggestion is welcomed. My thought so far is, right
now there is only {{Simple}} auth model in ozone, it completely trusts the
client and gets the user name from http header, if the user name equals to root
or hdfs, it authenticates this user as an admin.
I plan to remove the hard coded {{OZONE_SIMPLE_ROOT_USER}} and
{{OZONE_SIMPLE_HDFS_USER}} from {{OzoneConsts}}, instead we should read
{{OzoneConfigKeys#OZONE_ADMINISTRATORS}} to get a list of administrators. If
this property is not set, we read the current user as the admin user. If ozone
daemons are running with different users, this property must be set in order
not to get a permission denied error.
Please feel free to share your thoughts on this.
Thanks.
> Ozone: Ozone shell: the root is assumed to hdfs
> -----------------------------------------------
>
> Key: HDFS-11991
> URL: https://issues.apache.org/jira/browse/HDFS-11991
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: ozone
> Reporter: Anu Engineer
> Assignee: Weiwei Yang
> Fix For: HDFS-7240
>
>
> *hdfs oz* command, or ozone shell has a command like option to run some
> commands as root easily by specifying _--root_ as a command line option.
> But after HDFS-11655 that assumption is no longer true. We need to detect the
> user that started the scm/ksm service and _root_ should be mapped to that
> user.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
