Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2717

Add an environment variable for username override in non-secure clusters

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.10.0
    • Component/s: security, util
    • Labels:
      None

      Description

      If a cluster isn't secure, then using the current Unix username isn't a strong identity. However, we still perform authorization based on that username. This makes it inconvenient to run tools like 'ksck' from a regular user account – you end up needing to 'sudo -u kudu' before doing so, and if running from a remote machine there might not even be such a user.

      Given that the local username isn't a strong identity anyways (someone could always recompile kudu or use LD_PRELOAD to override it), let's provide an environment variable KUDU_USER_NAME that can perform a similar override.

        Attachments

          Activity

            People

            • Assignee:
              tlipcon Todd Lipcon
              Reporter:
              tlipcon Todd Lipcon
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: