[jira] [Created] (HDFS-10422) Do not throw AccessControlException for {{security.hdfs.unreadable.by.superuser}} ops

Tue, 17 May 2016 18:27:31 -0700 

Tianyin Xu created HDFS-10422:
---------------------------------

             Summary: Do not throw AccessControlException for 
{{security.hdfs.unreadable.by.superuser}} ops
                 Key: HDFS-10422
                 URL: https://issues.apache.org/jira/browse/HDFS-10422
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: namenode
    Affects Versions: 2.7.2
            Reporter: Tianyin Xu


The xattr {{security.hdfs.unreadable.by.superuser}} has certain syntax rules: 
"this xattr is also write-once, and cannot be removed once set. This xattr does 
not allow a value to be set."
[https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/ExtendedAttributes.html]

Upon violation, the system should throw {{IllegalArgumentException}}, the same 
behaviour like the other xattrs such as {{raw.hdfs.crypto.encryption.zone}}. 

Currently, it always throws {{AccessControlException}} which is supposed to be 
something related to access control. The only case {{AccessControlException}} 
should be thrown is when the superuser tries to access the file, but *not* 
anything else. 

If the user set any value, it violates the syntax of the xattr (this xattr does 
not need values) which has nothing to do with access control:
{code:title=XAttrPermissionFilter.java|borderStyle=solid}
    if (XAttrHelper.getPrefixedName(xAttr).
        equals(SECURITY_XATTR_UNREADABLE_BY_SUPERUSER)) {
      if (xAttr.getValue() != null) {
        throw new AccessControlException("Attempt to set a value for '" +
            SECURITY_XATTR_UNREADABLE_BY_SUPERUSER +
            "'. Values are not allowed for this xattr.");
      }   
      return;
    }   
{code} 
\\

Similarly, if the user wants to remove the xattr, it should throw 
{{IllegalArgumentException}} just like the encryption xattr in the following 
code. Basically I don't understand why the encryption xattr throws an 
{{IllegalArgumentException}} (via the {{checkArgument}} call) but the 
{{security.hdfs.unreadable.by.superuser}} xattr throws an 
{{AccessControlException}}. It's the same thing here: both of them cannot be 
removed...
{code:title=XAttrPermissionFilter.java|borderStyle=solid}
        Preconditions.checkArgument(
            !KEYID_XATTR.equalsIgnoreValue(filter),
            "The encryption zone xattr should never be deleted.");
        if (UNREADABLE_BY_SUPERUSER_XATTR.equalsIgnoreValue(filter)) {
          throw new AccessControlException("The xattr '" +
              SECURITY_XATTR_UNREADABLE_BY_SUPERUSER + "' can not be deleted.");
        }   
{code} 





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org

Reply via email to