hadoop-hdfs-issues mailing list archives

From "Charles Lamb (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-6705) Create an XAttr that disallows the HDFS admin from accessing a file
Date Mon, 18 Aug 2014 14:16:22 GMT

     [ https://issues.apache.org/jira/browse/HDFS-6705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Charles Lamb updated HDFS-6705:

    Attachment: HDFS-6705.001.patch

The attached patch implements the following:

. A new special xattr in the security namespace: security.hdfs.unreadable.by.superuser which
prevents the superuser from accessing (read/write/append) the file contents or its metadata

. It can only be set on files.

. It can only be set and never removed.

. It is settable by any user who has HDFS access to that file.

. It is name-only, i.e. it can never have a value.

. Anyone can "list" it.

> Create an XAttr that disallows the HDFS admin from accessing a file
> -------------------------------------------------------------------
>                 Key: HDFS-6705
>                 URL: https://issues.apache.org/jira/browse/HDFS-6705
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode, security
>            Reporter: Charles Lamb
>            Assignee: Charles Lamb
>         Attachments: HDFS-6705.001.patch
> There needs to be an xattr that specifies that the HDFS admin cannot access a file.
> This is needed for m/r delegation tokens and data at rest encryption.

This message was sent by Atlassian JIRA
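
The rules listed in the message can be checked against a small in-memory model. This is an added example, not code from HDFS-6705.001.patch or from HDFS. The `Inode` class, the `readers` set standing in for normal HDFS permission checks, the superuser name `hdfs` and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

UNREADABLE = "security.hdfs.unreadable.by.superuser"  # xattr name from the message
SUPERUSER = "hdfs"  # assumption: superuser account name in this model


@dataclass
class Inode:
    is_file: bool
    readers: set  # assumption: stand-in for normal HDFS permission checks
    xattrs: dict = field(default_factory=dict)


def can_access(inode, user):
    """Contents/metadata access: the superuser bypasses permissions unless flagged."""
    if user == SUPERUSER:
        return UNREADABLE not in inode.xattrs
    return user in inode.readers


def set_xattr(inode, user, name, value=None):
    if name == UNREADABLE:
        if not inode.is_file:
            raise ValueError("can only be set on files")
        if value:
            raise ValueError("name-only xattr: a value is not allowed")
    if not can_access(inode, user):
        raise PermissionError(f"{user} has no access to this file")
    inode.xattrs[name] = value


def remove_xattr(inode, user, name):
    if name == UNREADABLE:
        raise PermissionError("can be set but never removed")
    if not can_access(inode, user):
        raise PermissionError(f"{user} has no access to this file")
    inode.xattrs.pop(name, None)


def list_xattrs(inode, user):
    """Anyone can list the flag; other names only for users with access (assumption)."""
    return sorted(n for n in inode.xattrs if n == UNREADABLE or can_access(inode, user))


def denied(op, *args):
    """Return True when the model rejects the operation."""
    try:
        op(*args)
    except (ValueError, PermissionError):
        return True
    return False
```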
