[HADOOP-14581] Restrict setOwner to list of user when security is enabled in wasb - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.0.0-alpha3
Fix Version/s: 2.9.0, 3.0.0-beta1
Component/s: fs/azure
Labels:
- azure
- fs
- secure
- wasb

Description

Currently in azure FS, setOwner api is exposed to all the users accessing the file system.
When Authorization is enabled, access to some files/folders is given to particular users based on whether the user is the owner of the file.
So setOwner has to be restricted to limited set of users to prevent users from exploiting owner based authorization of files and folders.

Introducing a new config called fs.azure.chown.allowed.userlist which is a comma seperated list of users who are allowed to perform chown operation when authorization is enabled.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-14581.1.patch
23/Jun/17 16:25
9 kB
Varada Hemeswari
HADOOP-14581.2.patch
29/Jun/17 16:02
11 kB
Varada Hemeswari
HADOOP-14581-003.patch
11/Jul/17 11:51
11 kB
Steve Loughran
HADOOP-14581.4.patch
12/Jul/17 06:22
12 kB
Varada Hemeswari

Issue Links

is depended upon by

HADOOP-14552 Über-jira: WASB client phase II: performance and testing

Resolved

Activity

People

Assignee:: Varada Hemeswari

Reporter:: Varada Hemeswari

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Due:: 28/Jun/17

Created:: 23/Jun/17 15:49

Updated:: 12/Jul/17 10:09

Resolved:: 12/Jul/17 09:38