This repository has been archived by the owner on Sep 23, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 82
/
README.authz.txt
172 lines (129 loc) · 6.03 KB
/
README.authz.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
Cumulus Authz
=============
This document describes the ACL data base used inside of cumulus and the
command line tools that exist to manipulate it. Most administrators will
not need this level of detail but it is provided for those that do.
Description
-----------
This module provides a ACL abstraction to data. A SQL database is used
to track 'files' and users who have different privilege associated
with those files.
The data contained in the files themselves are stored outside of this
module. A reference to the data (a full path name, a HDFS key, etc)
is stored in the database under a module specific name similar to how
an inode stores a filesystem name and internally references raw data.
This package contains a set of admin tools managing the objects in the
database as well as a python API for interacting with the database.
Installation
------------
In the base directory there is an install.sh script. Change to the base
directory and run this script. You may provide an installation directory
to have the needed files copied to an alternative location, or it can
be run without argument and thus installed to the same directory.
The install script will use sqlite to create a database file (other data
bases can be easily used as well but there is no auto configure for them).
at <base>/etc/authz.db. This file is where all of the ACL data will be kept.
Dependencies
------------
Python 2.5
sqlite3
pysqlite3
Tools
-----
There are a few tools under the bin directory. All the tools take a --help
parameter which will provide a brief description. Below is some example
use:
# Add two new users:
$ ./bin/cloudfs-adduser.sh -n BuzzTroll
User BuzzTroll added
$ ./bin/cloudfs-adduser.sh -n TimF
User TimF added
# Add an alias (id and password) to BuzzTroll for use with s3
$ ./bin/cloudfs-adduser.sh -t s3 -a QLDVthrJ21WsWcp680PRk -k D16ZZi08lYJlLef0E2IoPKVku2qGer2A2JSM1pGhiW BuzzTroll
User BuzzTroll
Creating new alias s3:QLDVthrJ21WsWcp680PRk
updated the alias key
# list all the current users and alias
$ ./bin/cloudfs-list-user.sh -a
User BuzzTroll
s3 alias: QLDVthrJ21WsWcp680PRk
User TimF
# create a file owned by BuzzTroll
$ ./bin/cloudfs-touch.sh BuzzTroll a_file /etc/group
# This creates an 'inode' in the system that references the data contained
# in the system file /etc/group
#
# now we check out its status
$ ./bin/cloudfs-stat.sh -a a_file
file type owner perms
a_file s3key BuzzTroll rwRW
BuzzTroll rwRW
# now lets let timf look at our file
$ ./bin/cloudfs-chmod.sh TimF a_file rw
changed a_file:s3key:None to rw for TimF
# and check the status again...
$ ./bin/cloudfs-stat.sh -a a_file
file type owner user perms
a_file s3key BuzzTroll BuzzTroll rwRW
BuzzTroll BuzzTroll rwRW
BuzzTroll TimF rw--
# this shows that both timf and buzztroll can access the file, but that
# buzztroll is the owner. Lastly, there is a program to list the files:
$ ./bin/cloudfs-ls.sh
s3key:a_file BuzzTroll /etc/group None
User/Alias Relationship
=======================
In this system there is a notion of a canonical user (hearafter just
User). This is a single nimbus user. In a simple sense it can be
thought of as a 'person'. Each user may have many different credentials
and each credential is a way of accessing the system. For example, a
User may have a DOE x509 certificate, a unix account user name and
password, and a symentric key pair (akin to those used by s3). The User
should be able to access their nimbus account information with anyone of
these credentials (at least until an admin disallows some). We
accomplish this task with 'Aliases'.
An alias can be through of as a Users account, or better yet, as a
User's credential to access their account. All access is achieved via
some Alias. Once confirmed the canonical User associated with the alias
is looked up and associated with that canonical user are various rights.
The canonical user table is below:
create table users_canonical(
id char(36) PRIMARY KEY,
friendly_name varchar(64)
);
The table is *very* simple because all it truely needs to be is a unique
ID. It is simply a way to distinguish one User from all others. There
is a friendly name in the table for the admins convenience. The end
user will probably never care about this table at all because all of
their interactions with the system will be by way of the Alias.
However, an admin might want a nice way to list out users.
Now lets take a look at the Alias table:
create table user_alias(
id INTEGER PRIMARY KEY AUTOINCREMENT,
user_id char(36) REFERENCES users_canonical(id) NOT NULL,
alias_name varchar(64),
friendly_name varchar(128),
alias_type INTEGER REFERENCES user_alias_types(id) NOT NULL,
alias_type_data varchar(1024),
UNIQUE(alias_name, alias_type)
);
Here we see that this table references the users_canonical table. One
users_canonical can have many user_alias associated with it. Each
user_alias row is uniquely identified by its alias_name, and alias_type.
The alias_name is basically the account name for a give alias_type. an
alias_type is an extendable enumeration known to the system. Here are a
few examples:
alias_name | alias type
----------------------------------------
bresnaha | UNIX
mM9II2KiZl6dlr... | s3
/DC=org/DC=doeg... | DOE_Cert
Each row also has a friendly name which is intended to be used for some
sort of display name. In the case of a UNIX account the alias_name is
friendly enough, but in the case of a s3 account their is a 'display
name' associated with the account (typically an email address). The
friendly name is used to support such things.
The final field is 'alias_type_data'. This field is used to store type
specific data. Its format is defined by the specific alias type. In the
case of the UNIX type this is a password hash. For s3 it is a secret
key.