hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Charles Lamb (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-6509) create a /.reserved/raw filesystem namespace
Date Tue, 22 Jul 2014 22:08:38 GMT

    [ https://issues.apache.org/jira/browse/HDFS-6509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14071010#comment-14071010
] 

Charles Lamb commented on HDFS-6509:
------------------------------------

bq. So let me apologize in advance. But this jira makes me wonder: what happens when a non-admin
uses distcp? .e.g., a lot of systems are configured that don't allow HDFS to run MR jobs.
Will they not be allowed to distcp encrypted data?

Hi Allen,

No problem on not following closely. I see you've been very busy sifting through a lot of
old Jiras.

The doc on HDFS-6509 has more details, but the net of it is that non-admin users may use distcp.
This was a goal of our design.

The /.reserved/raw namespace is accessible by non-admin users and normal permissions apply.
Using that hierarchy only results in seeing the encrypted (raw) bytes of a file.



> create a /.reserved/raw filesystem namespace
> --------------------------------------------
>
>                 Key: HDFS-6509
>                 URL: https://issues.apache.org/jira/browse/HDFS-6509
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Charles Lamb
>            Assignee: Charles Lamb
>         Attachments: HDFS-6509.001.patch, HDFS-6509distcpandDataatRestEncryption-2.pdf,
HDFS-6509distcpandDataatRestEncryption.pdf
>
>
> This is part of the work for making distcp work with Data at Rest Encryption. Per the
attached document, create a /.reserved/raw HDFS filesystem namespace that allows access to
the encrypted bytes of a file.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message