Hadoop Common
  1. Hadoop Common
  2. HADOOP-2659

The commands in DFSAdmin should require admin privilege

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.16.0
    • Component/s: None
    • Labels:
      None

      Description

      The commands in DFSAdmin and the corresponding RPC calls should require admin privilege.

      DFSAdmin commands:
      -report
      -safemode
      -refreshNodes
      -finalizeUpgrade
      -upgradeProgress
      -metasave

      ClientProtocol:

      public void renewLease(String clientName) throws IOException;
      public long[] getStats() throws IOException;
      public DatanodeInfo[] getDatanodeReport(FSConstants.DatanodeReportType type) throws IOException;
      public boolean setSafeMode(FSConstants.SafeModeAction action) throws IOException;
      public void refreshNodes() throws IOException;
      public void finalizeUpgrade() throws IOException;
      public UpgradeStatusReport distributedUpgradeProgress(UpgradeAction action) throws IOException;
      public void metaSave(String filename) throws IOException;
      
      1. 2659_20080122.patch
        5 kB
        Tsz Wo Nicholas Sze
      2. 2659_20080118b.patch
        5 kB
        Tsz Wo Nicholas Sze
      3. 2659_20080118.patch
        5 kB
        Tsz Wo Nicholas Sze

        Issue Links

          Activity

          Owen O'Malley made changes -
          Component/s dfs [ 12310710 ]
          Brian Bockelman made changes -
          Link This issue relates to HADOOP-4368 [ HADOOP-4368 ]
          Nigel Daley made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Hide
          Hudson added a comment -
          Show
          Hudson added a comment - Integrated in Hadoop-Nightly #374 (See http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Nightly/374/ )
          Hide
          Hudson added a comment -
          Show
          Hudson added a comment - Integrated in Hadoop-trunk #374 (See http://hudson.zones.apache.org/hudson/job/Hadoop-trunk/374/ )
          Konstantin Shvachko made changes -
          Status Patch Available [ 10002 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Hide
          Konstantin Shvachko added a comment -

          I just committed this. Thank you Nicholas.

          Show
          Konstantin Shvachko added a comment - I just committed this. Thank you Nicholas.
          Nigel Daley made changes -
          Fix Version/s 0.16.0 [ 12312740 ]
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12373773/2659_20080122.patch
          against trunk revision r614301.

          @author +1. The patch does not contain any @author tags.

          javadoc +1. The javadoc tool did not generate any warning messages.

          javac +1. The applied patch does not generate any new compiler warnings.

          findbugs +1. The patch does not introduce any new Findbugs warnings.

          core tests +1. The patch passed core unit tests.

          contrib tests +1. The patch passed contrib unit tests.

          Test results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/testReport/
          Findbugs warnings: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
          Checkstyle results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/artifact/trunk/build/test/checkstyle-errors.html
          Console output: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12373773/2659_20080122.patch against trunk revision r614301. @author +1. The patch does not contain any @author tags. javadoc +1. The javadoc tool did not generate any warning messages. javac +1. The applied patch does not generate any new compiler warnings. findbugs +1. The patch does not introduce any new Findbugs warnings. core tests +1. The patch passed core unit tests. contrib tests +1. The patch passed contrib unit tests. Test results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/testReport/ Findbugs warnings: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/artifact/trunk/build/test/checkstyle-errors.html Console output: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1678/console This message is automatically generated.
          Tsz Wo Nicholas Sze made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Tsz Wo Nicholas Sze made changes -
          Status Patch Available [ 10002 ] Open [ 1 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 2659_20080122.patch [ 12373773 ]
          Hide
          Tsz Wo Nicholas Sze added a comment -

          2659_20080122.patch: It checks superuser privilege only if permission is enabled.

          Show
          Tsz Wo Nicholas Sze added a comment - 2659_20080122.patch: It checks superuser privilege only if permission is enabled.
          Hide
          Konstantin Shvachko added a comment -

          As Rob pointed out for backward compatibility when permission checking is not enabled users should be able to perform the admin commands even if they are not superusers.

          Show
          Konstantin Shvachko added a comment - As Rob pointed out for backward compatibility when permission checking is not enabled users should be able to perform the admin commands even if they are not superusers.
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12373580/2659_20080118b.patch
          against trunk revision r613499.

          @author +1. The patch does not contain any @author tags.

          javadoc +1. The javadoc tool did not generate any warning messages.

          javac +1. The applied patch does not generate any new compiler warnings.

          findbugs +1. The patch does not introduce any new Findbugs warnings.

          core tests +1. The patch passed core unit tests.

          contrib tests +1. The patch passed contrib unit tests.

          Test results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/testReport/
          Findbugs warnings: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
          Checkstyle results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/artifact/trunk/build/test/checkstyle-errors.html
          Console output: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12373580/2659_20080118b.patch against trunk revision r613499. @author +1. The patch does not contain any @author tags. javadoc +1. The javadoc tool did not generate any warning messages. javac +1. The applied patch does not generate any new compiler warnings. findbugs +1. The patch does not introduce any new Findbugs warnings. core tests +1. The patch passed core unit tests. contrib tests +1. The patch passed contrib unit tests. Test results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/testReport/ Findbugs warnings: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/artifact/trunk/build/test/checkstyle-errors.html Console output: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/1659/console This message is automatically generated.
          Tsz Wo Nicholas Sze made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Hide
          Konstantin Shvachko added a comment -

          +1

          Show
          Konstantin Shvachko added a comment - +1
          Tsz Wo Nicholas Sze made changes -
          Attachment 2659_20080118b.patch [ 12373580 ]
          Hide
          Tsz Wo Nicholas Sze added a comment -

          2659_20080118b.patch: updated patch with Konstantin's comments

          Show
          Tsz Wo Nicholas Sze added a comment - 2659_20080118b.patch: updated patch with Konstantin's comments
          Hide
          Konstantin Shvachko added a comment -
          • renewLease() does not seem to be ab admin command.
          • distributedUpgradeProgress() is called by DFSAdmin and by JspHelper.
            In the DFSAdmin case it should be protected, but web UI does not need to have have super-user privileges.
            For consistency I would propose just to treat this operation available to all users in all cases.
            I do not see how knowing the upgrade stage can threaten the system security. Or does it?
          • I'd prefer a full name checkSuperuserPermissions() instead of checkIsSuper().
          • import of FSConstants.SafeModeAction is redundant because FSNamesystem inherits FSConstants.
          Show
          Konstantin Shvachko added a comment - renewLease() does not seem to be ab admin command. distributedUpgradeProgress() is called by DFSAdmin and by JspHelper. In the DFSAdmin case it should be protected, but web UI does not need to have have super-user privileges. For consistency I would propose just to treat this operation available to all users in all cases. I do not see how knowing the upgrade stage can threaten the system security. Or does it? I'd prefer a full name checkSuperuserPermissions() instead of checkIsSuper(). import of FSConstants.SafeModeAction is redundant because FSNamesystem inherits FSConstants.
          Tsz Wo Nicholas Sze made changes -
          Component/s dfs [ 12310710 ]
          Description The commands in DFSAdmin and the corresponding RPC calls should require admin privilege. The commands in DFSAdmin and the corresponding RPC calls should require admin privilege.

          DFSAdmin commands:
          -report
          -safemode
          -refreshNodes
          -finalizeUpgrade
          -upgradeProgress
          -metasave

          ClientProtocol:
          {code}
          public void renewLease(String clientName) throws IOException;
          public long[] getStats() throws IOException;
          public DatanodeInfo[] getDatanodeReport(FSConstants.DatanodeReportType type) throws IOException;
          public boolean setSafeMode(FSConstants.SafeModeAction action) throws IOException;
          public void refreshNodes() throws IOException;
          public void finalizeUpgrade() throws IOException;
          public UpgradeStatusReport distributedUpgradeProgress(UpgradeAction action) throws IOException;
          public void metaSave(String filename) throws IOException;
          {code}
          Tsz Wo Nicholas Sze made changes -
          Field Original Value New Value
          Attachment 2659_20080118.patch [ 12373560 ]
          Tsz Wo Nicholas Sze created issue -

            People

            • Assignee:
              Tsz Wo Nicholas Sze
              Reporter:
              Tsz Wo Nicholas Sze
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development