hadoop-common-dev mailing list archives

From "Tsz Wo (Nicholas), SZE (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-4368) Superuser privileges required to do "df"
Date Mon, 08 Dec 2008 16:52:44 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-4368?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12654457#action_12654457 ]

Tsz Wo (Nicholas), SZE commented on HADOOP-4368:
------------------------------------------------

> I want to connect to Hadoop as superuser/supergroup, ...

This sounds impossible or should not be allowed.  Otherwise, it is very easy to hack the system.

Currently, the superusers are either the user starting the namenode or the users who belong
to the group specified by the conf property dfs.permissions.supergroup (the default is "supergroup").
There is no way for clients to get the superuser accounts at runtime.

See also http://hadoop.apache.org/core/docs/r0.19.0/hdfs_permissions_guide.html#The+Super-User

> Superuser privileges required to do "df"
> ----------------------------------------
>
>                 Key: HADOOP-4368
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4368
>             Project: Hadoop Core
>          Issue Type: Wish
>          Components: contrib/fuse-dfs, dfs
>    Affects Versions: 0.18.1
>            Reporter: Brian Bockelman
>            Priority: Minor
>         Attachments: fuse_statfs.patch, fuse_statfs_trunk.patch
>
>   Original Estimate: 0.17h
>  Remaining Estimate: 0.17h
>
> Super user privileges are required in DFS in order to get the file system statistics
> (FSNamesystem.java, getStats method).  This means that when HDFS is mounted via fuse-dfs as
> a non-root user, "df" is going to return 16 exabytes total and 0 free instead of the correct
> amount.
> As far as I can tell, there's no need to require super user privileges to see the file
> system size (and historically in Unix, this is not required).
> To fix this, simply comment out the privilege check in the getStats method.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

