Lucene
 » 
Hadoop Lucene
 » 
Hadoop lucene-dev

 « Return to Thread: [jira] Created: (HADOOP-2659) The commands in DFSAdmin should require admin privilege

[jira] Commented: (HADOOP-2659) The commands in DFSAdmin should require admin privilege

by JIRA jira@apache.org :: Rate this Message:

Reply to Author | View in Thread


    [ https://issues.apache.org/jira/browse/HADOOP-2659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12560604#action_12560604 ]

Konstantin Shvachko commented on HADOOP-2659:
---------------------------------------------

- renewLease() does not seem to be ab admin command.
- distributedUpgradeProgress() is called by DFSAdmin and by JspHelper.
In the DFSAdmin case it should be protected, but web UI does not need to have have super-user privileges.
For consistency I would propose just to treat this operation available to all users in all cases.
I do not see how knowing the upgrade stage can threaten the system security. Or does it?
- I'd prefer a full name checkSuperuserPermissions() instead of checkIsSuper().
- import of FSConstants.SafeModeAction is redundant because FSNamesystem inherits FSConstants.

> The commands in DFSAdmin should require admin privilege
> -------------------------------------------------------
>
>                 Key: HADOOP-2659
>                 URL: https://issues.apache.org/jira/browse/HADOOP-2659
>             Project: Hadoop
>          Issue Type: Bug
>          Components: dfs
>            Reporter: Tsz Wo (Nicholas), SZE
>            Assignee: Tsz Wo (Nicholas), SZE
>         Attachments: 2659_20080118.patch
>
>
> The commands in DFSAdmin and the corresponding RPC calls should require admin privilege.
> DFSAdmin commands:
> -report
> -safemode
> -refreshNodes
> -finalizeUpgrade
> -upgradeProgress
> -metasave
> ClientProtocol:
> {code}
> public void renewLease(String clientName) throws IOException;
> public long[] getStats() throws IOException;
> public DatanodeInfo[] getDatanodeReport(FSConstants.DatanodeReportType type) throws IOException;
> public boolean setSafeMode(FSConstants.SafeModeAction action) throws IOException;
> public void refreshNodes() throws IOException;
> public void finalizeUpgrade() throws IOException;
> public UpgradeStatusReport distributedUpgradeProgress(UpgradeAction action) throws IOException;
> public void metaSave(String filename) throws IOException;
> {code}

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

 « Return to Thread: [jira] Created: (HADOOP-2659) The commands in DFSAdmin should require admin privilege

Free embeddable forum powered by Nabble Forum Help