Posted to dev@storm.apache.org by "Robert Joseph Evans (JIRA)" <ji...@apache.org> on 2014/10/27 21:18:34 UTC

[jira] [Resolved] (STORM-509) (Security) Make groups checking specific for SimpleACLAuthorizer.

     [ https://issues.apache.org/jira/browse/STORM-509?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Joseph Evans resolved STORM-509.
---------------------------------------
       Resolution: Fixed
    Fix Version/s: 0.10.0

Sorry this took so long. I pulled this into the security branch.

> (Security) Make groups checking specific for SimpleACLAuthorizer.
> -----------------------------------------------------------------
>
>                 Key: STORM-509
>                 URL: https://issues.apache.org/jira/browse/STORM-509
>             Project: Apache Storm
>          Issue Type: Bug
>    Affects Versions: 0.10.0
>            Reporter: Robert Joseph Evans
>            Assignee: Sriharsha Chintalapani
>            Priority: Critical
>             Fix For: 0.10.0
>
>
> SimpleACLAuthorizer has groups support right now, but it only validates that the user performing an action and the user running the topology have at least one group in common. This is far from ideal, because Unix groups are often used to denote OS system permissions and there is typically a users group that everyone belongs to. We really should have a separate set of configs for the explicit groups that we want to grant permissions to, instead of the groups the user is a part of.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
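
The difference between the two checks described in the issue, as an added example that is not Storm's code or part of the original message. The class, method and variable names (`GroupAclDemo`, `permitByCommonGroup`, `permitByConfiguredGroup`, `allowedGroups`) and the user and group data are hypothetical and constructed for illustration.

```java
import java.util.*;

// Added illustration; all names here are hypothetical, not Storm's API.
public class GroupAclDemo {

    // Check described in the issue: allow when the requester shares
    // any OS group with the user running the topology.
    static boolean permitByCommonGroup(Set<String> requesterGroups, Set<String> ownerGroups) {
        return !Collections.disjoint(requesterGroups, ownerGroups);
    }

    // Check the issue asks for: allow only when the requester belongs to a
    // group that was explicitly configured for this topology.
    static boolean permitByConfiguredGroup(Set<String> requesterGroups, Set<String> allowedGroups) {
        if (allowedGroups == null || allowedGroups.isEmpty()) {
            return false; // nothing configured: no group-based grant at all
        }
        return !Collections.disjoint(requesterGroups, allowedGroups);
    }

    public static void main(String[] args) {
        // Constructed sample data: every account is in the site-wide "users" group.
        Map<String, Set<String>> groupsOf = new LinkedHashMap<>();
        groupsOf.put("alice", new TreeSet<>(Arrays.asList("users", "search-team"))); // topology owner
        groupsOf.put("bob", new TreeSet<>(Arrays.asList("users", "search-team")));   // teammate
        groupsOf.put("carol", new TreeSet<>(Arrays.asList("users", "interns")));     // unrelated user

        Set<String> ownerGroups = groupsOf.get("alice");
        // Hypothetical per-topology setting listing the groups that get access.
        Set<String> allowedGroups = Collections.singleton("search-team");

        for (Map.Entry<String, Set<String>> e : groupsOf.entrySet()) {
            boolean common = permitByCommonGroup(e.getValue(), ownerGroups);
            boolean configured = permitByConfiguredGroup(e.getValue(), allowedGroups);
            // carol passes the common-group check only because of "users".
            System.out.printf("%-6s common-group=%-5b configured-group=%b%n",
                    e.getKey(), common, configured);
        }
    }
}
```

When auditing a deployment that relies on the common-group behaviour, a group that every account belongs to is the first thing to look for, since it makes that check pass for every user.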