[
https://issues.apache.org/jira/browse/HDDS-7920?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Duong updated HDDS-7920:
------------------------
Description:
This is a regression from HDDS-7498, which adds a check to *listVolumeByUser*
API.
{code:java}
if (userName == null) {
  userName = UserGroupInformation.getCurrentUser().getUserName();
}
{code}
The check for the same user uses _UserGroupInformation.getShortUserName_,
while on the client side (CLI), when _--user_ is not specified,
_UserGroupInformation.getUserName_ is used.
{code:java}
if (userName == null) {
userName = UserGroupInformation.getCurrentUser().getUserName();
}{code}
This results in a situation in which any user with shortName different from
userName will need access to the `/` volume.
was:
This is a regression from HDDS-7498, which adds a check to listVolumeByUser API.
{code:java}
// if not admin nor list my own volumes, check ACL.
String remoteUserName = remoteUserUgi.getShortUserName();
if (!remoteUserName.equals(userName) && !isAdmin(remoteUserUgi)) {
  checkAcls(ResourceType.VOLUME, StoreType.OZONE, ACLType.LIST,
      OzoneConsts.OZONE_ROOT, null, null);
}
{code}
The check for the same user uses _UserGroupInformation.getShortUserName_,
while on the client side (CLI), when _--user_ is not specified,
_UserGroupInformation.getUserName_ is used.
{code:java}
if (userName == null) {
userName = UserGroupInformation.getCurrentUser().getUserName();
}{code}
This results in a situation in which any user with shortName different from
userName will need access to the `/` volume.
> User cannot list their volumes without access to root volume /
> --------------------------------------------------------------
>
> Key: HDDS-7920
> URL: https://issues.apache.org/jira/browse/HDDS-7920
> Project: Apache Ozone
> Issue Type: Bug
> Components: OM
> Affects Versions: 1.3.0
> Reporter: Duong
> Assignee: Duong
> Priority: Major
>
> This is a regression from HDDS-7498, which adds a check to *listVolumeByUser*
> API.
> {code:java}
> if (userName == null) {
>   userName = UserGroupInformation.getCurrentUser().getUserName();
> }
> {code}
> The check for the same user uses _UserGroupInformation.getShortUserName_,
> while on the client side (CLI), when _--user_ is not specified,
> _UserGroupInformation.getUserName_ is used.
> {code:java}
> if (userName == null) {
> userName = UserGroupInformation.getCurrentUser().getUserName();
> }{code}
> This results in a situation in which any user with shortName different from
> userName will need access to the `/` volume.
>
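
The mismatch described above, as an added example that is not part of the original report or of the Ozone code base. It models the server-side comparison and the client-side default with plain strings; shortName() is a simplified stand-in for Hadoop's principal-to-short-name mapping, and the class name, method names and sample principals are assumptions made for illustration.

```java
import java.util.List;

public class ListVolumeCheckDemo {
    // Simplified stand-in (assumption) for the short-name mapping: keep only
    // the first component of a Kerberos-style principal.
    static String shortName(String principal) {
        int cut = principal.length();
        for (char sep : new char[] {'/', '@'}) {
            int i = principal.indexOf(sep);
            if (i >= 0 && i < cut) {
                cut = i;
            }
        }
        return principal.substring(0, cut);
    }

    // Client-side default when --user is not given: the full user name is sent.
    static String clientDefaultUser(String principal) {
        return principal;
    }

    // Same shape as the server-side check in the description: returns true
    // when the request falls through to the LIST ACL check on the "/" volume.
    static boolean needsRootAcl(String remotePrincipal, String requestedUser,
                                boolean isAdmin) {
        String remoteUserName = shortName(remotePrincipal);
        return !remoteUserName.equals(requestedUser) && !isAdmin;
    }

    public static void main(String[] args) {
        // Constructed sample principals, not taken from the report.
        List<String> principals = List.of(
            "alice",
            "bob@EXAMPLE.COM",
            "svc/host1.example.com@EXAMPLE.COM");
        for (String p : principals) {
            // Request as the CLI builds it today: full name vs. short name.
            boolean fullNameRequest = needsRootAcl(p, clientDefaultUser(p), false);
            // Same request with both sides reduced to the short name.
            boolean shortNameRequest =
                needsRootAcl(p, shortName(clientDefaultUser(p)), false);
            System.out.printf("%-36s full name -> root ACL: %-5b short name -> root ACL: %b%n",
                p, fullNameRequest, shortNameRequest);
        }
    }
}
```

Only the principal whose full name already equals its short name avoids the root ACL check when the full name is sent; comparing the same form on both sides removes the spurious check for the other two.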