hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Todd Lipcon (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-6127) The real user name should be used by bin/hadoop fs (ie. FsShell) instead of the one in the configuration.
Date Mon, 06 Jul 2009 17:13:14 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-6127?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12727624#action_12727624
] 

Todd Lipcon commented on HADOOP-6127:
-------------------------------------

How can you get the "real" username without being subject to spoofing? It seems to me that
the user can always play LD_PRELOAD tricks so that the call out to "whoami" goes to "evil-whoami.sh".
Without something like identd or real token-based authentication I don't know that it's really
possible to add any security here.

> The real user name should be used by bin/hadoop fs (ie. FsShell) instead of the one in
the configuration.
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6127
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6127
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs
>            Reporter: Owen O'Malley
>
> The real user name should be used by FsShell instead of the one in the configuration.
This will make it a tiny bit harder for someone to pretend to be someone else to the file
system.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message