You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Ethan Rose (Jira)" <ji...@apache.org> on 2021/10/20 20:35:10 UTC
[jira] [Updated] (HDDS-4709) Default ACL of newly created volumes
[ https://issues.apache.org/jira/browse/HDDS-4709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ethan Rose updated HDDS-4709:
-----------------------------
Target Version/s: 1.3.0 (was: 1.2.0)
I am managing the 1.2.0 release and we currently have more than 600 issues targeted for 1.2.0. I am moving the target field to 1.3.0.
If you are actively working on this jira and believe this should be targeted for the 1.2.0 release, Please reach out to me via Apache email or Slack.
> Default ACL of newly created volumes
> ------------------------------------
>
> Key: HDDS-4709
> URL: https://issues.apache.org/jira/browse/HDDS-4709
> Project: Apache Ozone
> Issue Type: New Feature
> Components: Ozone Filesystem
> Affects Versions: 1.0.0
> Reporter: UENISHI Kota
> Priority: Major
>
> When a new volume is created with "-u" option (e.g. "ozone sh create volume -u <username> <volume>" ), the default ACL of the volume consists of a list of groups, with "all" permission. For example, if a user belongs to groups named "alpha", "bravo" and "charlie", the ACL of newly created volume will be:
> * alpha:*:a
> * bravo:*:a
> * charlie:*:a
> This is not safe, because in many cases we don't know who others are in those groups. I would feel natural if they are "alpha:*:xlr" (which is like HDFS and Unix default permissions 644 or 755), or if no permissions are given to groups like S3.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org