Return-Path: Delivered-To: apmail-lucene-hadoop-dev-archive@locus.apache.org Received: (qmail 17690 invoked from network); 13 Sep 2007 21:01:13 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 13 Sep 2007 21:01:13 -0000 Received: (qmail 99591 invoked by uid 500); 13 Sep 2007 21:01:05 -0000 Delivered-To: apmail-lucene-hadoop-dev-archive@lucene.apache.org Received: (qmail 99560 invoked by uid 500); 13 Sep 2007 21:01:05 -0000 Mailing-List: contact hadoop-dev-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hadoop-dev@lucene.apache.org Delivered-To: mailing list hadoop-dev@lucene.apache.org Received: (qmail 99551 invoked by uid 99); 13 Sep 2007 21:01:05 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Sep 2007 14:01:05 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Sep 2007 21:01:11 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id C4383714219 for ; Thu, 13 Sep 2007 14:00:50 -0700 (PDT) Message-ID: <32191263.1189717250801.JavaMail.jira@brutus> Date: Thu, 13 Sep 2007 14:00:50 -0700 (PDT) From: "Raghu Angadi (JIRA)" To: hadoop-dev@lucene.apache.org Subject: [jira] Commented: (HADOOP-1298) adding user info to file In-Reply-To: <19079061.1177545795510.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/HADOOP-1298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12527257 ] Raghu Angadi commented on HADOOP-1298: -------------------------------------- bq. Ok, I'll see how to move all permission checks into synchronized blocks so as to ensure consistency. Thanks for pointing this out! Could you outline briefly how you plan to do this once you come up with an approach. I think extracting the HDFS specific 'Subject' (user and group) and any other generic authentication related checks can be done before the actual 'action' outside the namesapce lock. And actual permission check would be very simple and lightweight.. the permission check is mostly our own code instead of the 'Java Security' stuff. This way all the processing that is specific to authentication module used happens outside the Namesystem. > adding user info to file > ------------------------ > > Key: HADOOP-1298 > URL: https://issues.apache.org/jira/browse/HADOOP-1298 > Project: Hadoop > Issue Type: New Feature > Components: dfs, fs > Reporter: Kurtis Heimerl > Assignee: Christophe Taton > Fix For: 0.15.0 > > Attachments: 1298_2007-09-06b.patch, 1298_2007-09-07g.patch, hadoop-user-munncha.patch17 > > > I'm working on adding a permissions model to hadoop's DFS. The first step is this change, which associates user info with files. Following this I'll assoicate permissions info, then block methods based on that user info, then authorization of the user info. > So, right now i've implemented adding user info to files. I'm looking for feedback before I clean this up and make it offical. > I wasn't sure what release, i'm working off trunk. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.