hadoop-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ben.cotton@lehman.com" <benjamin.cot...@lehman.com>
Subject Re: How to configure read/write/execute ACLs ?
Date Wed, 02 Dec 2009 14:47:20 GMT

Thanks for this response, and the reference to your ApacheCon 
presentation on Hadoop Security (lack of).   It would seem that the 
conventions being used in conf/hadoop-policy.xml might be a basis to 
provide a user/role level ACL capability in Hadoop.  In the meantime, we 
will follow your suggested strategy to provision users only on grids 
with data they can use.


>   
>> How do I configure Hadoop ACLs to specify a uid's  read/write/execute
>> privileges?
>>     
>
> If I parse your question correctly, you want to limit certain uids to
> have only be able to read or write certain data?  That functionality doesn't exist. 
The permission system is mainly to prevent accidents; it is not real security. [Uids are trivial
to forge. See my "Hadoop 24/7" slide deck from Apachecon EU for more on Hadoop's busted security
model.]
>
>
>   

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message