Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-13194

CachePool permissions incorrectly checked

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.1.0, 2.10.0
    • Component/s: None
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      The permissions of CachePool incorrectly checked. The checking logic:

        public void checkPermission(CachePool pool, FsAction access)
            throws AccessControlException {
          FsPermission mode = pool.getMode();
          if (isSuperUser()) {
            return;
          }
          if (getUser().equals(pool.getOwnerName())
              && mode.getUserAction().implies(access)) {
            return;
          }
          if (isMemberOfGroup(pool.getGroupName())
              && mode.getGroupAction().implies(access)) {
            return;
          }
          // Following line seems incorrect,
          // we should ensure current user is not belong the pool's owner or pool's group.
          if (mode.getOtherAction().implies(access)) {
            return;
          }
          throw new AccessControlException("Permission denied while accessing pool "
              + pool.getPoolName() + ": user " + getUser() + " does not have "
              + access.toString() + " permissions.");
        }
      

      For example one corner case, a cachepool (owner: test, group,test-group, permission mode:------rwx(007)), then one user which named "test" or whose group is "test-group" can both access this pool. But actually this is not allowed since permission for its owner or group is none.

       The behavior of checking other user should be updated like this:

          if (!getUser().equals(pool.getOwnerName())
              && !isMemberOfGroup(pool.getGroupName())
              && mode.getOtherAction().implies(access)) {
            return;
          }
      

        Attachments

        1. HDFS-13194.001.patch
          5 kB
          Jianfei Jiang
        2. HDFS-13194.002.patch
          3 kB
          Jianfei Jiang

          Activity

            People

            • Assignee:
              jiangjianfei Jianfei Jiang
              Reporter:
              linyiqun Yiqun Lin
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: