smengcl commented on code in PR #3971:
URL: https://github.com/apache/ozone/pull/3971#discussion_r1098117151
##########
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java:
##########
@@ -2665,6 +2665,12 @@ public List<OmVolumeArgs> listVolumeByUser(String
userName, String prefix,
try {
metrics.incNumVolumeLists();
if (isAclEnabled) {
+ String remoteUserName = remoteUserUgi.getShortUserName();
+ // if not admin nor list my own volumes, check ACL.
+ if (!remoteUserName.equals(userName) && !isAdmin(remoteUserUgi)) {
Review Comment:
> The original problem is: volumes are returned to unauthorized users. Why
don't we just filter volumes to only return those that the requesting user
(remoteUserUgi) has access to?
Hi @duongkame , I understand your thought of returning the **intersection**
of volumes that both users has LIST permission to. But IMO that would lead to
further confusing behavior, and would expose some of the volumes the other user
has LIST permission to (partially leaking ACL). Rejecting outright for
non-admin and non-owner here is what I would prefer. Unless there is a use-case
for that?
Also a note: The reason we check ACL against `OZONE_ROOT` is because of
`ozone.om.volume.listall.allowed`, where we want to mimic HDFS list `/`
behavior in ofs. When `ozone.om.volume.listall.allowed` is set to `true`,
`checkAcls(OZONE_ROOT)` would pass for every Ozone user. So everyone would be
allowed to list any other users' volumes (as expected).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
