hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-4359) Support for data access authorization checking on DataNodes
Date Thu, 30 Apr 2009 08:59:30 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-4359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12704530#action_12704530

Hadoop QA commented on HADOOP-4359:

+1 overall.  Here are the results of testing the latest attachment 
  against trunk revision 770044.

    +1 @author.  The patch does not contain any @author tags.

    +1 tests included.  The patch appears to include 15 new or modified tests.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs warnings.

    +1 Eclipse classpath. The patch retains Eclipse classpath integrity.

    +1 release audit.  The applied patch does not increase the total number of release audit

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/263/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/263/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/263/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/263/console

This message is automatically generated.

> Support for data access authorization checking on DataNodes
> -----------------------------------------------------------
>                 Key: HADOOP-4359
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4359
>             Project: Hadoop Core
>          Issue Type: New Feature
>          Components: dfs
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: at13.patch, at19.patch, at31.patch, at33.patch, at34.patch, at35.patch,
> Currently, DataNodes do not enforce any access control on accesses to its data blocks.
This makes it possible for an unauthorized client to read a data block as long as she can
supply its block ID. It's also possible for anyone to write arbitrary data blocks to DataNodes.

> When users request file accesses on the NameNode, file permission checking takes place.
Authorization decisions are made with regard to whether the requested accesses to those files
(and implicitly, to their corresponding data blocks) are permitted. However, when it comes
to subsequent data block accesses on the DataNodes, those authorization decisions are not
made available to the DataNodes and consequently, such accesses are not verified. Datanodes
are not capable of reaching those decisions independently since they don't have concepts of
files, let alone file permissions.
> In order to implement data access policies consistently across HDFS services, there is
a need for a mechanism by which authorization decisions made on the NameNode can be faithfully
enforced on the DataNodes and any unauthorized access is declined.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message