[HADOOP-15969] ABFS: getNamespaceEnabled can fail blocking user access thru ACLs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.2.0
Fix Version/s: 3.3.0, 3.2.1
Component/s: fs/azure
Labels:
None

Description

The Get Filesystem Properties operation requires Read permission to the Filesystem. Read permission to the Filesystem can only be granted thru RBAC, Shared Key, or SAS. This prevents giving low privilege users access to specific files or directories within the filesystem. An administrator should be able to set an ACL on a file granting read permission to a user, without giving them read permission to the entire Filesystem.

Fortunately there is another way to determine if HNS is enabled. The Get Path Access Control (getAclStatus) operation only requires traversal access, and for the root folder / all authenticated users have traversal access.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-15969-001.patch
04/Dec/18 00:44
2 kB
Da Zhou
HADOOP-15969-002.patch
04/Dec/18 03:30
8 kB
Da Zhou
HADOOP-15969-003.patch
04/Dec/18 19:25
8 kB
Da Zhou

Activity

People

Assignee:: Da Zhou

Reporter:: Da Zhou

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 03/Dec/18 23:14

Updated:: 17/Dec/18 11:27

Resolved:: 17/Dec/18 11:06