You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Till Toenshoff (JIRA)" <ji...@apache.org> on 2017/12/12 16:31:00 UTC
[jira] [Commented] (MESOS-8322) Authorization failure message from
the master should include the subject.
[ https://issues.apache.org/jira/browse/MESOS-8322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16287835#comment-16287835 ]
Till Toenshoff commented on MESOS-8322:
---------------------------------------
So we should add the {{frameworkInfo->principal}} within the string that gets rendered here: https://github.com/apache/mesos/blob/master/src/master/master.cpp#L4901
> Authorization failure message from the master should include the subject.
> -------------------------------------------------------------------------
>
> Key: MESOS-8322
> URL: https://issues.apache.org/jira/browse/MESOS-8322
> Project: Mesos
> Issue Type: Improvement
> Components: master
> Affects Versions: 1.5.0
> Reporter: Till Toenshoff
> Assignee: Alexander Rukletsov
> Priority: Minor
> Labels: security
>
> When trying to run a task owned by a framework principal that lacks specific rights for the task-user in question, it would be much more helpful if the Mesos master would actually supply the framework principal (aka Subject) within the error message.
> Currently what I see is reason strings like this:
> {{Not authorized to launch as user 'nobody'}}
> Whereas I think it would be much more helpful if we included the subject like this:
> {{SUBJECT is not authorized to launch tasks as user 'OBJECT'}}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)