The changes from HDFS-2202 for 0.20.x/1.x failed to add in a checkSuperuserPrivilege();, and hence any user (not admins alone) can reset the balancer bandwidth across the cluster if they wished to.
setBalancerBandwidth do not checkSuperuserPrivilege
Closed upon release of Hadoop 1.2.0.
Committed to branch-1. Thanks Eli.
+1 Since this is a 1-liner no test-patch is necessary.
(Change in the patch is akin to refreshNodes in FSNameSystem. Functions in the same way, so no tests are required. Patch compiles branch-1 build locally, but let me know if test-patch is still required…)
For trunk it was handled via HDFS-3331
Patch for branch-1 that adds in the super-user privileges check akin to trunk.
Upon further research, this affects only the branch-1 code. Not an issue for trunk.