Posted to issues@ozone.apache.org by "Marton Elek (Jira)" <ji...@apache.org> on 2021/04/22 08:55:00 UTC

[jira] [Created] (HDDS-5138) Upgrade related RPC calls should be allowed only for admins

Marton Elek created HDDS-5138:
---------------------------------

             Summary: Upgrade related RPC calls should be allowed only for admins
                 Key: HDDS-5138
                 URL: https://issues.apache.org/jira/browse/HDDS-5138
             Project: Apache Ozone
          Issue Type: Sub-task
            Reporter: Marton Elek


As far as I can see, any user can finalize the upgrade (and I assume the same is true for preparation).

{code}
bash-4.2$ kinit -kt /etc/security/keytabs/testuser.keytab testuser/scm
bash-4.2$ ozone sh volume create /vol1
PERMISSION_DENIED User testuser/scm@EXAMPLE.COM doesn't have CREATE 
permission to access volume vol1 null null
{code}

Failed as I am not an admin, but:

{code}
bash-4.2$ ozone admin scm  finalizeupgrade
Upgrade has already been finalized.
Exiting...
bash-4.2$
{code}

Please confirm, but I think a quick isAdmin check is missing from all the related RPC endpoints.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
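
An added example, not part of the original report and not Apache Ozone code: one way to enforce the admin check the report asks for, at a single dispatch point so that it runs before any handler, including the "already finalized" early return seen above. The class, enum and method names and the admin principal scm/scm@EXAMPLE.COM are hypothetical.

```java
import java.util.EnumSet;
import java.util.Set;

// Hypothetical model of an RPC server; names are illustrative, not Ozone's API.
public class UpgradeRpcAdminCheck {
    // Stand-ins for the upgrade-related RPCs plus one read-only call.
    enum Op { GET_STATUS, PREPARE_UPGRADE, FINALIZE_UPGRADE }

    // Deny by default: only operations listed here are open to non-admins,
    // so a newly added operation is admin-only until someone opts it out.
    static final Set<Op> OPEN_TO_ALL = EnumSet.of(Op.GET_STATUS);

    private final Set<String> admins;  // constructed admin list
    private boolean finalized = true;  // mirrors the cluster state in the report

    UpgradeRpcAdminCheck(Set<String> admins) { this.admins = Set.copyOf(admins); }

    // Single entry point: authorization runs before any handler or state check.
    String dispatch(String user, Op op) {
        if (!OPEN_TO_ALL.contains(op) && !admins.contains(user)) {
            throw new SecurityException(
                "PERMISSION_DENIED " + user + " is not an admin (" + op + ")");
        }
        switch (op) {
            case FINALIZE_UPGRADE:
                if (finalized) return "Upgrade has already been finalized.";
                finalized = true;
                return "Finalization started.";
            case PREPARE_UPGRADE:
                return "Prepare started.";
            default:
                return finalized ? "FINALIZED" : "NOT_FINALIZED";
        }
    }

    public static void main(String[] args) {
        String admin = "scm/scm@EXAMPLE.COM";      // constructed admin principal
        String user = "testuser/scm@EXAMPLE.COM";  // non-admin principal from the report
        UpgradeRpcAdminCheck scm = new UpgradeRpcAdminCheck(Set.of(admin));
        for (Op op : Op.values()) {  // every operation, so none is missed
            try {
                System.out.println(op + " as " + user + " -> " + scm.dispatch(user, op));
            } catch (SecurityException e) {
                System.out.println(op + " as " + user + " -> " + e.getMessage());
            }
        }
        System.out.println("FINALIZE_UPGRADE as " + admin + " -> "
            + scm.dispatch(admin, Op.FINALIZE_UPGRADE));
    }
}
```

Iterating over every operation as a non-admin, as main() does, is the shape of a regression test for this issue: each upgrade-related call must be rejected before it reveals or changes finalization state.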
