You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Qiang Zhang (JIRA)" <ji...@apache.org> on 2017/03/10 01:44:38 UTC
[jira] [Updated] (RANGER-1386) ranger hdfs-plugin function not
revoked after execute disable-hdfs-plugin.sh which cause hadoop-hdfs
authorization failed.
[ https://issues.apache.org/jira/browse/RANGER-1386?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Qiang Zhang updated RANGER-1386:
--------------------------------
Attachment: (was: 0001-RANGER-1386.patch)
> ranger hdfs-plugin function not revoked after execute disable-hdfs-plugin.sh which cause hadoop-hdfs authorization failed.
> --------------------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-1386
> URL: https://issues.apache.org/jira/browse/RANGER-1386
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Qiang Zhang
> Assignee: Qiang Zhang
> Attachments: 0001-RANGER-1386.patch
>
>
> steps:
> 1.User yuwen does't has the permission to put a.txt in hdfs Catalog /test
> [yuwen@zdh41 bin]$ ./hdfs dfs -put /home/xiehh/a.txt /test
> put: Permission denied: user=yuwen, access=WRITE, inode="/test/a.txt._COPYING_":xiehh:supergroup:drwxr-xr-x
> 2.Execute enable-hdfs-plugin.sh and Restart hadoop-hdfs, ranger authorization control enabled.
> We add policy to give permission for user yuwen to put a file in web UI.
> [yuwen@zdh41 bin]$ ./hdfs dfs -put /home/xiehh/a.txt /test
> [yuwen@zdh41 bin]$ ./hdfs dfs -ls /test
> Found 1 items
> -rw-r--r-- 3 yuwen supergroup 15 2017-02-20 17:07 /test/a.txt
> 3. Execute disable-hdfs-plugin.sh and Restart hadoop-hdfs
> user yuwen shouldn't have the permission to put a file in Catalog /test
> but he also has the rights ,ranger hdfs-plugin function not revoked
> This is a serious problem which cause hadoop-hdfs authorization failed.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)