hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sanjay Radia (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8101) Security changes for Hadoop for Windows
Date Fri, 30 Mar 2012 05:11:16 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13242068#comment-13242068
] 

Sanjay Radia commented on HADOOP-8101:
--------------------------------------

Background: Hadoop has secure and non-secure mode - authorization is performed in both modes.
The difference is how authentication is done.

3 Problems
* Problem 1: Group Mappings for HDFS
    HDFS file permissions are implemented inside HDFS  - there is no interaction with the
local file system in order to implement these permissions. However,  HDFS needs a user-to-group
mapping. Currently there is a pluggable module for obtaining a mapping via LDap and via shell
commands. We need a group mapping for windows.

* Problem 2: HDFS and MR Impl Protecting its local OS resources from Tasks
Hadoop impl uses local OS resources such as files and tasks. Hadoop protects these resources
from tasks that run on the same hosts. HDFS and MR daemons uses local files & dirs and
sets permissions when creating dirs/file and later on checks these permissions. For example,
a Datanode sets the permission of its "block dirs" to be unreadable by others when it formats
a data node. In some cases the permissions are set using a RawLocalFileSystem's permissions.
We need a way to set such protections for windows.

* Problem 3: Permissions for RawLocalFileSystem when using Hadoop on a local desktop (no HDFS
is involved here). 
We need to emulate  set-permissions and get-permissions APIs of the class FileSystem.java
when the local file system and desktop are windows.   Hadoop FileSystem permission are the
same as those in Unix.
                
> Security changes for Hadoop for Windows
> ---------------------------------------
>
>                 Key: HADOOP-8101
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8101
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: native
>            Reporter: Sanjay Radia
>         Attachments: security.patch, security1.patch
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message