Description
We have noticed the following facts and would like to confirm whether this is the intended behavior or a problem that needs to be fixed. As of now, a bucket can be accessed by creating a symlink and applying a different ACL to another access path.
For example, in the following session, /volume-for-anonymous/bucket-a and /s3v/bucket-a are pointing to the same bucket but have different ACL settings. Is this the intended behavior of the design?
λ ~/IdeaProjects/ozone/hadoop-ozone/dist/target/ozone-1.1.0-SNAPSHOT/compose/ozone/ master docker-compose ps
Name               Command                          State   Ports
------------------------------------------------------------------------------------------------------------
ozone_datanode_1   /usr/local/bin/dumb-init - ...   Up      0.0.0.0:49160->9864/tcp, 0.0.0.0:49159->9882/tcp
ozone_om_1         /usr/local/bin/dumb-init - ...   Up      0.0.0.0:9862->9862/tcp, 0.0.0.0:9874->9874/tcp
ozone_recon_1      /usr/local/bin/dumb-init - ...   Up      0.0.0.0:9888->9888/tcp
ozone_s3g_1        /usr/local/bin/dumb-init - ...   Up      0.0.0.0:9878->9878/tcp
ozone_scm_1        /usr/local/bin/dumb-init - ...   Up      0.0.0.0:9860->9860/tcp, 0.0.0.0:9876->9876/tcp
λ ~/IdeaProjects/ozone/hadoop-ozone/dist/target/ozone-1.1.0-SNAPSHOT/compose/ozone/ master docker-compose exec datanode bash
bash-4.2$ PATH=/opt/hadoop/bin:$PATH
bash-4.2$ type ozone
ozone is /opt/hadoop/bin/ozone
bash-4.2$ ozone sh volume list
{
  "metadata" : { },
  "name" : "s3v",
  "admin" : "hadoop",
  "owner" : "hadoop",
  "quotaInBytes" : -1,
  "quotaInNamespace" : -1,
  "usedNamespace" : 0,
  "creationTime" : "2021-03-25T12:07:42.203Z",
  "modificationTime" : "2021-03-25T12:07:42.203Z",
  "acls" : [ {
    "type" : "USER",
    "name" : "hadoop",
    "aclScope" : "ACCESS",
    "aclList" : [ "ALL" ]
  }, {
    "type" : "GROUP",
    "name" : "users",
    "aclScope" : "ACCESS",
    "aclList" : [ "ALL" ]
  } ]
}
bash-4.2$ id
uid=1000(hadoop) gid=100(users) groups=100(users)
bash-4.2$ sudo adduser anonymous
bash-4.2$ id anonymous
uid=1001(anonymous) gid=1001(anonymous) groups=1001(anonymous)
bash-4.2$ ozone sh volume create volume-for-anonymous
bash-4.2$ ozone sh bucket create volume-for-anonymous/bucket-a
bash-4.2$ ozone sh bucket setacl -a=group:anonymous:a volume-for-anonymous/bucket-a
ACLs set successfully.
bash-4.2$ ozone sh bucket getacl volume-for-anonymous/bucket-a
[ {
  "type" : "GROUP",
  "name" : "anonymous",
  "aclScope" : "ACCESS",
  "aclList" : [ "ALL" ]
} ]
bash-4.2$ ozone sh bucket link /volume-for-anonymous/bucket-a /s3v/bucket-a
bash-4.2$ ozone sh bucket getacl s3v/bucket-a
[ {
  "type" : "USER",
  "name" : "hadoop",
  "aclScope" : "ACCESS",
  "aclList" : [ "ALL" ]
}, {
  "type" : "GROUP",
  "name" : "users",
  "aclScope" : "ACCESS",
  "aclList" : [ "ALL" ]
} ]
bash-4.2$
Issue Links
- is related to: HDDS-4715 ACL on link bucket (Resolved)
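An added example (not part of the original report and not Ozone's own code): a check that diffs the ACLs returned by `ozone sh bucket getacl` for a source bucket and for its link, and reports principals granted rights through one access path but not the other. The function names are hypothetical, the two inputs are constructed from the outputs in the session above, and the script only compares the listed ACL entries; it does not model how Ozone's authorizer evaluates them.

```python
import json

# Constructed from the two `getacl` outputs in the session above.
SOURCE_ACL = """[ { "type": "GROUP", "name": "anonymous", "aclScope": "ACCESS", "aclList": ["ALL"] } ]"""
LINK_ACL = """[ { "type": "USER", "name": "hadoop", "aclScope": "ACCESS", "aclList": ["ALL"] },
  { "type": "GROUP", "name": "users", "aclScope": "ACCESS", "aclList": ["ALL"] } ]"""


def parse_acl(text):
    """Map (type, name, aclScope) -> set of rights from getacl JSON output."""
    grants = {}
    for entry in json.loads(text):
        key = (entry["type"], entry["name"], entry["aclScope"])
        grants.setdefault(key, set()).update(entry["aclList"])
    return grants


def excess(rights, baseline):
    """Rights in `rights` that `baseline` does not cover; ALL covers everything."""
    if "ALL" in baseline:
        return set()
    return rights - baseline


def acl_drift(source_text, link_text):
    """Report principals whose rights differ between the source and link paths."""
    source, link = parse_acl(source_text), parse_acl(link_text)
    drift = {"only_via_link": {}, "only_via_source": {}}
    for principal in sorted(set(source) | set(link)):
        src = source.get(principal, set())
        lnk = link.get(principal, set())
        if excess(lnk, src):
            drift["only_via_link"][principal] = excess(lnk, src)
        if excess(src, lnk):
            drift["only_via_source"][principal] = excess(src, lnk)
    return drift


if __name__ == "__main__":
    # Print one line per principal whose rights exist on only one access path.
    for side, grants in acl_drift(SOURCE_ACL, LINK_ACL).items():
        for (kind, name, scope), rights in grants.items():
            print(f"{side}: {kind}:{name} [{scope}] {sorted(rights)}")
```

An empty result on both sides means the two paths list equivalent ACLs; any entry under `only_via_link` is a principal that the source bucket's ACL does not name.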