xiaoyuyao commented on a change in pull request #1829: HDFS-14743. Enhance
INodeAttributeProvider/ AccessControlEnforcer Interface in HDFS to support
Authorization of mkdir, rm, rmdir, copy, move etc...
URL: https://github.com/apache/hadoop/pull/1829#discussion_r391173121
##########
File path:
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
##########
@@ -1982,6 +1982,7 @@ void setPermission(String src, FsPermission permission)
throws IOException {
FileStatus auditStat;
checkOperation(OperationCategory.WRITE);
final FSPermissionChecker pc = getPermissionChecker();
+ FSPermissionChecker.setOperationType(operationName);
Review comment:
There are other places that need to be patched with setOperationType After
HDFS-7416 refactor, not all permission check is done in FSN.
Here is the list of missed ones:
FSDirSymlinkOp#createSymlinkInt()
NameNodeAdapter#getFileInfo()
NamenodeFsck#getBlockLocations()
FSNDNCache#addCacheDirective/removeCacheDirective/modifyCacheDirective/listCacheDirectives/listCachePools
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
