You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2019/02/27 23:17:00 UTC

[jira] [Created] (KUDU-2717) Add an environment variable for username override in non-secure clusters

Todd Lipcon created KUDU-2717:
---------------------------------

             Summary: Add an environment variable for username override in non-secure clusters
                 Key: KUDU-2717
                 URL: https://issues.apache.org/jira/browse/KUDU-2717
             Project: Kudu
          Issue Type: Improvement
          Components: security, util
            Reporter: Todd Lipcon


If a cluster isn't secure, then using the current Unix username isn't a strong identity. However, we still perform authorization based on that username. This makes it inconvenient to run tools like 'ksck' from a regular user account -- you end up needing to 'sudo -u kudu' before doing so, and if running from a remote machine there might not even be such a user.

Given that the local username isn't a strong identity anyways (someone could always recompile kudu or use LD_PRELOAD to override it), let's provide an environment variable KUDU_USER_NAME that can perform a similar override.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)