[ https://issues.apache.org/jira/browse/HDDS-7266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Neil Joshi updated HDDS-7266:
-----------------------------
    Description: 
Using ozone fs with {*}_ranger authorizer_{*}, for users who have a deny policy 
on a directory, the directory is not displayed when listing with ozone fs -ls 
/vol1.  This is *_unexpected_* and can alarm the users that the directory and 
its contents have been lost.

What *_is expected_* is showing the directory even if the user does have access 
permissions, but when the user accesses the directory it receives a permission 
error.

 

 
{code:java}
given volume: vol1, bucket: bucket1 and key: hosts,
/vol1/bucket1/hosts
when bucket1 is part of a ranger deny policy for a user what occurs is:
$ ozone sh key info /vol1/bucket1/hosts
PERMISSION_DENIED User <user> doesn't have READ permission to access bucket Volume:vol1 Bucket:bucket1
This is what is expected. For ozone fs accesses however what occurs is:
$ ozone fs -ls /vol1/bucket1/
ls: /vol1/bucket1/: No such file or directory
{code}
 

  was:
Using ozone fs with {*}_ranger authorizer_{*}, for users who have a deny policy 
on a directory, the directory is not displayed when listing with ozone fs -ls 
/vol1.  This is *_unexpected_* and can alarm the users that the directory and 
its contents have been lost.

What *_is expected_* is showing the directory even if the user does have access 
permissions, but when the user accesses the directory it receives a permission 
error.

 

 
{code:java}
given volume: vol1, bucket: bucket1 and key: hosts,
/vol1/bucket1/hosts
when bucket1 is part of a ranger deny policy for a user what occurs is:
$ ozone sh key info /vol1/bucket1/hosts
PERMISSION_DENIED User <user> doesn't have READ permission to access bucket Volume:vol1 Bucket:bucket1
This is what is expected for ozone fs accesses however what occurs is:
$ ozone fs -ls /vol1/bucket1/
ls: /vol1/bucket1/: No such file or directory
{code}
 


> Ozone fs does not show directory exists if user does not have permission to 
> access
> ----------------------------------------------------------------------------------
>
>                 Key: HDDS-7266
>                 URL: https://issues.apache.org/jira/browse/HDDS-7266
>             Project: Apache Ozone
>          Issue Type: Bug
>            Reporter: Neil Joshi
>            Priority: Major
>


