[jira] [Created] (HDDS-5138) Upgade related RPC calls shold be allowed only for admins

Marton Elek (Jira) Thu, 22 Apr 2021 01:55:10 -0700

Marton Elek created HDDS-5138:
---------------------------------

             Summary: Upgade related RPC calls shold be allowed only for admins
                 Key: HDDS-5138
                 URL: https://issues.apache.org/jira/browse/HDDS-5138
             Project: Apache Ozone
          Issue Type: Sub-task
            Reporter: Marton Elek



As far as I see any user can finalize upgrade (and I assume the same is true 
for preparation).

{code}
bash-4.2$ kinit -kt /etc/security/keytabs/testuser.keytab testuser/scm
bash-4.2$ ozone sh volume create /vol1
PERMISSION_DENIED User testuser/[email protected] doesn't have CREATE 
permission to access volume vol1 null null
{code}

Failed as I am not an admin, but:

{code}
bash-4.2$ ozone admin scm  finalizeupgrade
Upgrade has already been finalized.
Exiting...
bash-4.2$
{code}

Please confirm, but I think a quick isAdmin check is missing from all the 
related RPC endpoints.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (HDDS-5138) Upgade related RPC calls shold be allowed only for admins

Reply via email to