hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christophe Taton (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-1298) adding user info to file
Date Mon, 30 Jul 2007 19:45:53 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-1298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12516498
] 

Christophe Taton commented on HADOOP-1298:
------------------------------------------

Hi all,

Here is how I plan to integrate permissions now:
 - add an AccessController that implements a generic interface like checkPermission(Action,
Principal, Filename), actions can be read, write, create, delete (copying how Permissions
work in the JDK).
 - insert checks in the FSNamesystem (or directly in NameNode? which one is better?).

However I need some feedback on how to implement checking for the file creation process as
this involves many successive operations. What are the checks you would see for these operations:
 - startFile: checkCreate
 - addBlock: checkCreate? what if the user is not allowed to create the file anymore?
 - abandonBlock: no check?
 - abandonFileInProgress: no check?
 - completeFile: checkCreate again?

Also for testing the existence of a file, what should be the behavior: when the parent directories
do not exist? when the principal is denied access to a parent directory?
 - exists: checkRead(most embedded existing parent directory)?

For all other operations, it seems straightforward to me, but I might be wrong, so here is
what I plan:
 - delete: checkDelete
 - getBlockSize: checkRead
 - getListing: checkRead
 - isDir: checkRead
 - mkdirs: checkCreate
 - renameTo: checkCreate and checkDelete
 - setReplication: checkWrite
 - getBlockLocations: checkRead

I do not plan to integrate checks on deprecated locking related functions.

Thanks for your comments,
Christophe T.


> adding user info to file
> ------------------------
>
>                 Key: HADOOP-1298
>                 URL: https://issues.apache.org/jira/browse/HADOOP-1298
>             Project: Hadoop
>          Issue Type: New Feature
>          Components: dfs, fs
>            Reporter: Kurtis Heimerl
>             Fix For: 0.15.0
>
>         Attachments: hadoop-dev-20070724-2349.patch.gz, hadoop-user-munncha.patch, hadoop-user-munncha.patch,
hadoop-user-munncha.patch, hadoop-user-munncha.patch10, hadoop-user-munncha.patch11, hadoop-user-munncha.patch12,
hadoop-user-munncha.patch13, hadoop-user-munncha.patch14, hadoop-user-munncha.patch15, hadoop-user-munncha.patch16,
hadoop-user-munncha.patch17, hadoop-user-munncha.patch4, hadoop-user-munncha.patch5, hadoop-user-munncha.patch6,
hadoop-user-munncha.patch7, hadoop-user-munncha.patch8, hadoop-user-munncha.patch9, hdfs-access-control.patch.gz,
layout20070725.patch
>
>
> I'm working on adding a permissions model to hadoop's DFS. The first step is this change,
which associates user info with files. Following this I'll assoicate permissions info, then
block methods based on that user info, then authorization of the user info. 
> So, right now i've implemented adding user info to files. I'm looking for feedback before
I clean this up and make it offical. 
> I wasn't sure what release, i'm working off trunk. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message