Posted to dev@storm.apache.org by "Rick Kellogg (JIRA)" <ji...@apache.org> on 2015/10/05 03:55:30 UTC

[jira] [Updated] (STORM-509) (Security) Make groups checking specific for SimpleACLAuthorizer.

     [ https://issues.apache.org/jira/browse/STORM-509?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick Kellogg updated STORM-509:
-------------------------------
    Component/s: storm-core

> (Security) Make groups checking specific for SimpleACLAuthorizer.
> -----------------------------------------------------------------
>
>                 Key: STORM-509
>                 URL: https://issues.apache.org/jira/browse/STORM-509
>             Project: Apache Storm
>          Issue Type: Bug
>          Components: storm-core
>    Affects Versions: 0.10.0
>            Reporter: Robert Joseph Evans
>            Assignee: Sriharsha Chintalapani
>            Priority: Critical
>             Fix For: 0.10.0
>
>
> SimpleACLAuthorizer has groups support right now, but it only validates that the user performing an action and the user running the topology have at least one group in common. This is far from ideal, because Unix groups are often used to denote OS System permissions and there is typically a users group that everyone belongs to. We really should have a separate set of configs for the explicit groups that we want to grant permissions to, instead of the groups the user is a part of.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
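
The difference between the two checks described in the issue, as an added example that is not part of the original message and is not Apache Storm source code. The class, method and group names are hypothetical and the sample memberships are constructed.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Added illustration only; every name here is hypothetical, not a Storm API.
public class GroupCheckDemo {

    // Behaviour the issue describes: permit when the requesting user and the
    // topology owner have at least one OS group in common.
    static boolean permitBySharedGroup(Set<String> requesterGroups, Set<String> ownerGroups) {
        return !Collections.disjoint(requesterGroups, ownerGroups);
    }

    // Direction the issue proposes: permit only when the requester belongs to a
    // group that configuration explicitly grants access to.
    static boolean permitByConfiguredGroup(Set<String> requesterGroups, Set<String> grantedGroups) {
        if (grantedGroups == null || grantedGroups.isEmpty()) {
            return false; // no groups granted: fail closed
        }
        return !Collections.disjoint(requesterGroups, grantedGroups);
    }

    static Set<String> groups(String... names) {
        return new HashSet<>(Arrays.asList(names));
    }

    public static void main(String[] args) {
        // Constructed sample data: "users" is the catch-all group everyone is in.
        Set<String> owner = groups("users", "payments-dev");
        Set<String> teammate = groups("users", "payments-dev");
        Set<String> unrelated = groups("users", "wheel");
        Set<String> granted = groups("payments-dev"); // explicit grant for this topology

        report("teammate", teammate, owner, granted);
        report("unrelated", unrelated, owner, granted);
        // The shared-group check also depends on the owner's memberships:
        // an owner in "users" makes every user in "users" pass it.
    }

    static void report(String who, Set<String> requester, Set<String> owner, Set<String> granted) {
        System.out.println(who
                + ": shared-group check = " + permitBySharedGroup(requester, owner)
                + ", configured-group check = " + permitByConfiguredGroup(requester, granted));
    }
}
```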