Hadoop Common
  1. Hadoop Common
  2. HADOOP-2659

The commands in DFSAdmin should require admin privilege

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.16.0
    • Component/s: None
    • Labels:
      None

      Description

      The commands in DFSAdmin and the corresponding RPC calls should require admin privilege.

      DFSAdmin commands:
      -report
      -safemode
      -refreshNodes
      -finalizeUpgrade
      -upgradeProgress
      -metasave

      ClientProtocol:

      public void renewLease(String clientName) throws IOException;
      public long[] getStats() throws IOException;
      public DatanodeInfo[] getDatanodeReport(FSConstants.DatanodeReportType type) throws IOException;
      public boolean setSafeMode(FSConstants.SafeModeAction action) throws IOException;
      public void refreshNodes() throws IOException;
      public void finalizeUpgrade() throws IOException;
      public UpgradeStatusReport distributedUpgradeProgress(UpgradeAction action) throws IOException;
      public void metaSave(String filename) throws IOException;
      
      1. 2659_20080122.patch
        5 kB
        Tsz Wo Nicholas Sze
      2. 2659_20080118b.patch
        5 kB
        Tsz Wo Nicholas Sze
      3. 2659_20080118.patch
        5 kB
        Tsz Wo Nicholas Sze

        Issue Links

          Activity

          Tsz Wo Nicholas Sze created issue -
          Tsz Wo Nicholas Sze made changes -
          Field Original Value New Value
          Attachment 2659_20080118.patch [ 12373560 ]
          Tsz Wo Nicholas Sze made changes -
          Component/s dfs [ 12310710 ]
          Description The commands in DFSAdmin and the corresponding RPC calls should require admin privilege. The commands in DFSAdmin and the corresponding RPC calls should require admin privilege.

          DFSAdmin commands:
          -report
          -safemode
          -refreshNodes
          -finalizeUpgrade
          -upgradeProgress
          -metasave

          ClientProtocol:
          {code}
          public void renewLease(String clientName) throws IOException;
          public long[] getStats() throws IOException;
          public DatanodeInfo[] getDatanodeReport(FSConstants.DatanodeReportType type) throws IOException;
          public boolean setSafeMode(FSConstants.SafeModeAction action) throws IOException;
          public void refreshNodes() throws IOException;
          public void finalizeUpgrade() throws IOException;
          public UpgradeStatusReport distributedUpgradeProgress(UpgradeAction action) throws IOException;
          public void metaSave(String filename) throws IOException;
          {code}
          Hide
          Konstantin Shvachko added a comment -
          • renewLease() does not seem to be ab admin command.
          • distributedUpgradeProgress() is called by DFSAdmin and by JspHelper.
            In the DFSAdmin case it should be protected, but web UI does not need to have have super-user privileges.
            For consistency I would propose just to treat this operation available to all users in all cases.
            I do not see how knowing the upgrade stage can threaten the system security. Or does it?
          • I'd prefer a full name checkSuperuserPermissions() instead of checkIsSuper().
          • import of FSConstants.SafeModeAction is redundant because FSNamesystem inherits FSConstants.
          Show
          Konstantin Shvachko added a comment - renewLease() does not seem to be ab admin command. distributedUpgradeProgress() is called by DFSAdmin and by JspHelper. In the DFSAdmin case it should be protected, but web UI does not need to have have super-user privileges. For consistency I would propose just to treat this operation available to all users in all cases. I do not see how knowing the upgrade stage can threaten the system security. Or does it? I'd prefer a full name checkSuperuserPermissions() instead of checkIsSuper(). import of FSConstants.SafeModeAction is redundant because FSNamesystem inherits FSConstants.
          Hide
          Tsz Wo Nicholas Sze added a comment -

          2659_20080118b.patch: updated patch with Konstantin's comments

          Show
          Tsz Wo Nicholas Sze added a comment - 2659_20080118b.patch: updated patch with Konstantin's comments
          Tsz Wo Nicholas Sze made changes -
          Attachment 2659_20080118b.patch [ 12373580 ]
          Hide
          Konstantin Shvachko added a comment -

          +1

          Show
          Konstantin Shvachko added a comment - +1
          Tsz Wo Nicholas Sze made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12373580/2659_20080118b.patch
          against trunk revision r613499.

          @author +1. The patch does not contain any @author tags.

          javadoc +1. The javadoc tool did not generate any warning messages.

          javac +1. The applied patch does not generate any new compiler warnings.

          findbugs +1. The patch does not introduce any new Findbugs warnings.

          core tests +1. The patch passed core unit tests.

          contrib tests +1. The patch passed contrib unit tests.

          Test results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/testReport/
          Findbugs warnings: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
          Checkstyle results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/artifact/trunk/build/test/checkstyle-errors.html
          Console output: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12373580/2659_20080118b.patch against trunk revision r613499. @author +1. The patch does not contain any @author tags. javadoc +1. The javadoc tool did not generate any warning messages. javac +1. The applied patch does not generate any new compiler warnings. findbugs +1. The patch does not introduce any new Findbugs warnings. core tests +1. The patch passed core unit tests. contrib tests +1. The patch passed contrib unit tests. Test results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/testReport/ Findbugs warnings: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/artifact/trunk/build/test/checkstyle-errors.html Console output: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/console This message is automatically generated.
          Hide
          Konstantin Shvachko added a comment -

          As Rob pointed out for backward compatibility when permission checking is not enabled users should be able to perform the admin commands even if they are not superusers.

          Show
          Konstantin Shvachko added a comment - As Rob pointed out for backward compatibility when permission checking is not enabled users should be able to perform the admin commands even if they are not superusers.
          Hide
          Tsz Wo Nicholas Sze added a comment -

          2659_20080122.patch: It checks superuser privilege only if permission is enabled.

          Show
          Tsz Wo Nicholas Sze added a comment - 2659_20080122.patch: It checks superuser privilege only if permission is enabled.
          Tsz Wo Nicholas Sze made changes -
          Attachment 2659_20080122.patch [ 12373773 ]
          Tsz Wo Nicholas Sze made changes -
          Status Patch Available [ 10002 ] Open [ 1 ]
          Tsz Wo Nicholas Sze made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12373773/2659_20080122.patch
          against trunk revision r614301.

          @author +1. The patch does not contain any @author tags.

          javadoc +1. The javadoc tool did not generate any warning messages.

          javac +1. The applied patch does not generate any new compiler warnings.

          findbugs +1. The patch does not introduce any new Findbugs warnings.

          core tests +1. The patch passed core unit tests.

          contrib tests +1. The patch passed contrib unit tests.

          Test results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/testReport/
          Findbugs warnings: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
          Checkstyle results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/artifact/trunk/build/test/checkstyle-errors.html
          Console output: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12373773/2659_20080122.patch against trunk revision r614301. @author +1. The patch does not contain any @author tags. javadoc +1. The javadoc tool did not generate any warning messages. javac +1. The applied patch does not generate any new compiler warnings. findbugs +1. The patch does not introduce any new Findbugs warnings. core tests +1. The patch passed core unit tests. contrib tests +1. The patch passed contrib unit tests. Test results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/testReport/ Findbugs warnings: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/artifact/trunk/build/test/checkstyle-errors.html Console output: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/console This message is automatically generated.
          Nigel Daley made changes -
          Fix Version/s 0.16.0 [ 12312740 ]
          Hide
          Konstantin Shvachko added a comment -

          I just committed this. Thank you Nicholas.

          Show
          Konstantin Shvachko added a comment - I just committed this. Thank you Nicholas.
          Konstantin Shvachko made changes -
          Status Patch Available [ 10002 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Hide
          Hudson added a comment -
          Show
          Hudson added a comment - Integrated in Hadoop-trunk #374 (See http://hudson.zones.apache.org/hudson/job/Hadoop-trunk/374/ )
          Hide
          Hudson added a comment -
          Show
          Hudson added a comment - Integrated in Hadoop-Nightly #374 (See http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Nightly/374/ )
          Nigel Daley made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Brian Bockelman made changes -
          Link This issue relates to HADOOP-4368 [ HADOOP-4368 ]
          Owen O'Malley made changes -
          Component/s dfs [ 12310710 ]
          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Patch Available Patch Available Open Open
          3d 18h 43m 1 Tsz Wo Nicholas Sze 22/Jan/08 19:14
          Open Open Patch Available Patch Available
          4h 55m 2 Tsz Wo Nicholas Sze 22/Jan/08 19:14
          Patch Available Patch Available Resolved Resolved
          7h 6m 1 Konstantin Shvachko 23/Jan/08 02:21
          Resolved Resolved Closed Closed
          16d 21h 16m 1 Nigel Daley 08/Feb/08 23:38

            People

            • Assignee:
              Tsz Wo Nicholas Sze
              Reporter:
              Tsz Wo Nicholas Sze
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development