Return-Path: X-Original-To: apmail-hadoop-hdfs-dev-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 06FDE17D55 for ; Fri, 6 Nov 2015 11:02:29 +0000 (UTC) Received: (qmail 5731 invoked by uid 500); 6 Nov 2015 11:02:28 -0000 Delivered-To: apmail-hadoop-hdfs-dev-archive@hadoop.apache.org Received: (qmail 5593 invoked by uid 500); 6 Nov 2015 11:02:28 -0000 Mailing-List: contact hdfs-dev-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-dev@hadoop.apache.org Delivered-To: mailing list hdfs-dev@hadoop.apache.org Received: (qmail 5317 invoked by uid 99); 6 Nov 2015 11:02:27 -0000 Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Nov 2015 11:02:27 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 2CF10180A03 for ; Fri, 6 Nov 2015 11:02:27 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.898 X-Spam-Level: ** X-Spam-Status: No, score=2.898 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-us-west.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id nN2EfNu9AUF8 for ; Fri, 6 Nov 2015 11:02:26 +0000 (UTC) Received: from mail-io0-f177.google.com (mail-io0-f177.google.com [209.85.223.177]) by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with ESMTPS id 5B4702145E for ; Fri, 6 Nov 2015 11:02:26 +0000 (UTC) Received: by ioc74 with SMTP id 74so54653204ioc.2 for ; Fri, 06 Nov 2015 03:02:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=9YKiLxeGAwpYVZWh/FfReFEvdNkTi5cBtIc8a2la/hE=; b=SgpQoLKfLabi0hem5b2q0yHf+ywmvmmcrOs6UhYW7WFYEI0NpT7LKzP9IF4PHHlVI7 oxUoeI553s1OuYXxrdGUcJlLICvjiULBpcEgWsmCtJMejGd1T61coc2mJceoQdW5CEXK ShO38FIp+4UDmJTkOCoR2iVo4cS5gGnDBA9IS4CaYERIFfV/DX7bNrUvOJUfu+gbaTmY Q6INw0QJl+YS9eLJy8/hesBTFlO7F61wfPYGwIro18jqyMGTBP45wZgdTYxzNDl7jukl cSxkhamjNK6rfoVD/gPanGnCkuoCubkHIg5yfXyXgvCLfhF3ji9mIu5BCU7zhTIwVOFm hhQQ== MIME-Version: 1.0 X-Received: by 10.107.19.219 with SMTP id 88mr16728054iot.41.1446807745853; Fri, 06 Nov 2015 03:02:25 -0800 (PST) Received: by 10.107.10.170 with HTTP; Fri, 6 Nov 2015 03:02:25 -0800 (PST) Date: Fri, 6 Nov 2015 16:32:25 +0530 Message-ID: Subject: ReadOnly WebHDFS From: Laxman Ch To: hdfs-dev@hadoop.apache.org Content-Type: multipart/alternative; boundary=001a113f94bebffc820523dd2d31 --001a113f94bebffc820523dd2d31 Content-Type: text/plain; charset=UTF-8 Hi, We run a cluster with security set to simple. Also, to some users, we had provided http access to HDFS via HttpFS gateways. However, this is not scaling and we are suffering from HttpFs gateway choking problem. So, we wanted to enable WebHDFS directly on hadoop. But this brings in the problem of security. Any user can simply delete anything. And, we can't enable immediately enable kerberos security in production. How about introducing a configuration to make WebHDFS readonly? We patched this in our clusters cleanly and its working. Please revert with your comments if its a good idea to push this to hadoop. If yes, I will create a jira and submit patch. -- Thanks, Laxman --001a113f94bebffc820523dd2d31--