hadoop-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ben.cotton@lehman.com" <benjamin.cot...@lehman.com>
Subject Re: How to configure read/write/execute ACLs ?
Date Wed, 02 Dec 2009 14:47:20 GMT

Thanks for this response, and the reference to your ApacheCon 
presentation on Hadoop Security (lack of).   It would seem that the 
conventions being used in conf/hadoop-policy.xml might be a basis to 
provide a user/role level ACL capability in Hadoop.  In the meantime, we 
will follow your suggested strategy to provision users only on grids 
with data they can use.

>> How do I configure Hadoop ACLs to specify a uid's  read/write/execute
>> privileges?
> If I parse your question correctly, you want to limit certain uids to
> have only be able to read or write certain data?  That functionality doesn't exist. 
The permission system is mainly to prevent accidents; it is not real security. [Uids are trivial
to forge. See my "Hadoop 24/7" slide deck from Apachecon EU for more on Hadoop's busted security

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message