hadoop-common-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Palleti, Pallavi" <pallavi.pall...@corp.aol.com>
Subject Remote access to cluster using user as hadoop
Date Thu, 23 Jul 2009 04:49:39 GMT
Hi all,


We figured out that anyone who have configured their local hadoop with
remote cluster hadoop details and having user name as hadoop can get
administrative rights  of the cluster. For example, if I create an user
as hadoop locally in my machine and have conf directory details from the
cluster running remotely, I can run "hadoop fs -rmr /data/" which can
remove all the data available in the remote cluster at /data. I found
this as a serious security vulnerable as anyone can do anything on the
cluster as long as they know the configuration details (hadoop-site.xml
etc).  Could someone explain me  if there is a way to avoid these kind
of scenarios? Otherwise, what should be the best practice?




  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message