Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2717

Add an environment variable for username override in non-secure clusters

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.10.0
    • security, util
    • None

    Description

      If a cluster isn't secure, then using the current Unix username isn't a strong identity. However, we still perform authorization based on that username. This makes it inconvenient to run tools like 'ksck' from a regular user account – you end up needing to 'sudo -u kudu' before doing so, and if running from a remote machine there might not even be such a user.

      Given that the local username isn't a strong identity anyways (someone could always recompile kudu or use LD_PRELOAD to override it), let's provide an environment variable KUDU_USER_NAME that can perform a similar override.

      Attachments

        Activity

          People

            tlipcon Todd Lipcon
            tlipcon Todd Lipcon
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: