You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hbase.apache.org by "Ted Yu (JIRA)" <ji...@apache.org> on 2016/05/20 23:37:12 UTC
[jira] [Created] (HBASE-15873) ACL for snapshot restore is not
enforced
Ted Yu created HBASE-15873:
------------------------------
Summary: ACL for snapshot restore is not enforced
Key: HBASE-15873
URL: https://issues.apache.org/jira/browse/HBASE-15873
Project: HBase
Issue Type: Bug
Affects Versions: 1.1.0
Reporter: Ted Yu
Assignee: Ted Yu
Priority: Critical
[~romil.choksi] reported that snapshot owner couldn't restore snapshot on hbase 1.1
We saw the following in master log:
{code}
2016-05-20 00:22:17,186 DEBUG [B.defaultRpcServer.handler=23,queue=2,port=20000] ipc.RpcServer: B.defaultRpcServer.handler=23,queue=2,port=20000: callId: 15 service: MasterService methodName: RestoreSnapshot size: 70 connection: x.y:56508
org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'hrt_1' (global, action=ADMIN)
at org.apache.hadoop.hbase.security.access.AccessController.requireGlobalPermission(AccessController.java:536)
at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:512)
at org.apache.hadoop.hbase.security.access.AccessController.preRestoreSnapshot(AccessController.java:1327)
at org.apache.hadoop.hbase.master.MasterCoprocessorHost$73.call(MasterCoprocessorHost.java:881)
at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1146)
at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preRestoreSnapshot(MasterCoprocessorHost.java:877)
at org.apache.hadoop.hbase.master.snapshot.SnapshotManager.restoreSnapshot(SnapshotManager.java:726)
{code}
After adding some debug information, it turned out that the (request) SnapshotDescription passed to the method doesn't have owner set.
This problem doesn't exist in master branch.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)