Posted to issues@ozone.apache.org by "Marton Elek (Jira)" <ji...@apache.org> on 2021/04/22 08:55:00 UTC
[jira] [Created] (HDDS-5138) Upgrade related RPC calls should be allowed only for admins
Marton Elek created HDDS-5138:
---------------------------------
Summary: Upgrade related RPC calls should be allowed only for admins
Key: HDDS-5138
URL: https://issues.apache.org/jira/browse/HDDS-5138
Project: Apache Ozone
Issue Type: Sub-task
Reporter: Marton Elek
As far as I can see, any user can finalize an upgrade (and I assume the same is true for preparation).
{code}
bash-4.2$ kinit -kt /etc/security/keytabs/testuser.keytab testuser/scm
bash-4.2$ ozone sh volume create /vol1
PERMISSION_DENIED User testuser/scm@EXAMPLE.COM doesn't have CREATE
permission to access volume vol1 null null
{code}
Failed as I am not an admin, but:
{code}
bash-4.2$ ozone admin scm finalizeupgrade
Upgrade has already been finalized.
Exiting...
bash-4.2$
{code}
Please confirm, but I think a quick isAdmin check is missing from all the related RPC endpoints.
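The kind of check the report asks for, as an added example that is not part of the original message and is not Ozone's code: the class, method names and admin principal are hypothetical. It places the caller check ahead of any upgrade-state logic, so a non-admin receives a denial instead of the "already been finalized" reply seen in the transcript.

```java
import java.util.Set;
// Hypothetical names throughout; this is not Ozone's actual code or API.
public class UpgradeRpcAuthzExample {
  static class AccessDeniedException extends RuntimeException {
    AccessDeniedException(String msg) { super(msg); }
  }
  static class UpgradeService {
    private final Set<String> admins;
    private boolean finalized = true; // constructed state: upgrade already finalized
    UpgradeService(Set<String> admins) { this.admins = admins; }

    // Single choke point shared by every upgrade-related endpoint; denies by default.
    private void requireAdmin(String caller, String op) {
      if (caller == null || !admins.contains(caller)) {
        throw new AccessDeniedException(
            "PERMISSION_DENIED User " + caller + " is not an admin, cannot " + op);
      }
    }

    // Before: no caller check, so any authenticated user reaches the state logic.
    String finalizeUpgradeUnchecked(String caller) {
      if (finalized) return "Upgrade has already been finalized.";
      finalized = true;
      return "Finalization started.";
    }

    // After: authorization runs first, ahead of the "already finalized" short-circuit.
    String finalizeUpgrade(String caller) {
      requireAdmin(caller, "finalizeUpgrade");
      return finalizeUpgradeUnchecked(caller);
    }

    String prepare(String caller) {
      requireAdmin(caller, "prepare");
      return "Preparation started.";
    }
  }

  public static void main(String[] args) {
    String admin = "scm/scm@EXAMPLE.COM"; // constructed admin principal
    String user = "testuser/scm@EXAMPLE.COM"; // non-admin principal from the transcript
    UpgradeService svc = new UpgradeService(Set.of(admin));
    System.out.println(svc.finalizeUpgradeUnchecked(user)); // unchecked path answers anyone
    for (Runnable r : new Runnable[] {() -> svc.finalizeUpgrade(user), () -> svc.prepare(user)}) {
      try { r.run(); throw new IllegalStateException("expected denial"); }
      catch (AccessDeniedException e) { System.out.println(e.getMessage()); }
    }
    System.out.println(svc.finalizeUpgrade(admin)); // admin still gets the normal reply
  }
}
```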