[
https://issues.apache.org/jira/browse/HDFS-15850?focusedWorklogId=569285&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-569285
]
ASF GitHub Bot logged work on HDFS-15850:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 20/Mar/21 20:10
Start Date: 20/Mar/21 20:10
Worklog Time Spent: 10m
Work Description: vivekratnavel commented on a change in pull request
#2784:
URL: https://github.com/apache/hadoop/pull/2784#discussion_r598154449
##########
File path:
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
##########
@@ -7665,7 +7670,7 @@ void addCachePool(CachePoolInfo req, boolean
logRetryCache)
checkOperation(OperationCategory.WRITE);
String poolInfoStr = null;
try {
- checkSuperuserPrivilege();
+ checkSuperuserPrivilege(operationName);
Review comment:
That's a good suggestion @xiaoyuyao. We cannot add the cache pool name
for "addCachePool()" method since the superuser check needs to happen before
adding the cache pool and we get the name only after it's added. But, I will
set the cache pool name in context for modify and remove methods.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 569285)
Time Spent: 1h (was: 50m)
> Superuser actions should be reported to external enforcers
> ----------------------------------------------------------
>
> Key: HDFS-15850
> URL: https://issues.apache.org/jira/browse/HDFS-15850
> Project: Hadoop HDFS
> Issue Type: Task
> Components: security
> Affects Versions: 3.3.0
> Reporter: Vivek Ratnavel Subramanian
> Assignee: Vivek Ratnavel Subramanian
> Priority: Major
> Labels: pull-request-available
> Attachments: HDFS-15850.v1.patch, HDFS-15850.v2.patch
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Currently, HDFS superuser checks or actions are not reported to external
> enforcers like Ranger and the audit report provided by such external enforces
> are not complete and are missing the superuser actions. To fix this, add a
> new method to "AccessControlEnforcer" for all superuser checks.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
