You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2021/08/06 08:59:23 UTC
[GitHub] [ozone] zhengchenyu edited a comment on pull request #2466: HDDS-5043. Can't list volume accurately in secure mode
zhengchenyu edited a comment on pull request #2466:
URL: https://github.com/apache/ozone/pull/2466#issuecomment-894113378
> @zhengchenyu failure in _acceptance (secure)_ seems related to this change. Can you please check?
>
> ```
> Can follow link with read access | FAIL |
> 'PERMISSION_DENIED User testuser2/scm@EXAMPLE.COM doesn't have READ permission to access volume 71945-target null null' does not contain 'key-in-readable-bucket'
> ```
Yes, I found it. the setup of test like below:
```
Execute ozone sh volume addacl --acl user:testuser2/scm@EXAMPLE.COM:r ${target}
Execute ozone sh volume addacl --acl user:testuser2/scm@EXAMPLE.COM:rl ${source}
Execute ozone sh bucket addacl --acl user:testuser2/scm@EXAMPLE.COM:rl ${source}/readable-bucket
Execute ozone sh bucket addacl --acl user:testuser2/scm@EXAMPLE.COM:r ${target}/readable-link
Execute ozone sh bucket addacl --acl user:testuser2/scm@EXAMPLE.COM:r ${target}/link-to-unreadable-bucket
```
I think it is reasonable that set acl with testuser2. But if someone set acl with testuser2/scm@EXAMPLE.COM, I think we need make sure that this setting is only for testuser2/scm@EXAMPLE.COM, but not for testuser2 in other host.
I have fix it, Let's wait to check.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org