The changes from HDFS-2202 for 0.20.x/1.x failed to add in a checkSuperuserPrivilege();, and hence any user (not admins alone) can reset the balancer bandwidth across the cluster if they wished to.
setBalancerBandwidth do not checkSuperuserPrivilege
Upon further research, this affects only the branch-1 code. Not an issue for trunk.
Patch for branch-1 that adds in the super-user privileges check akin to trunk.
For trunk it was handled via HDFS-3331
(Change in the patch is akin to refreshNodes in FSNameSystem. Functions in the same way, so no tests are required. Patch compiles branch-1 build locally, but let me know if test-patch is still required…)
+1 Since this is a 1-liner no test-patch is necessary.
Committed to branch-1. Thanks Eli.
Closed upon release of Hadoop 1.2.0.