hadoop-hdfs-issues mailing list archives

From "Charles Lamb (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-6705) Create an XAttr that disallows the HDFS admin from accessing a file
Date Thu, 28 Aug 2014 11:57:08 GMT

    [ https://issues.apache.org/jira/browse/HDFS-6705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14113688#comment-14113688 ]

Charles Lamb commented on HDFS-6705:


if the super user is the owner, then it can't access the file?

Yes, that's the intended behavior.

    It is settable by any user which has hdfs access to that file.
    It can only be set and never removed.

Then any user who has hdfs access can easily prevent the HDFS admin from accessing the file, and the admin
can't access that file any more. Could we find a better way?

The xattr only prevents read access to the contents and is specifically intended to prevent
the superuser from accessing the file. I realize that the current patch prevents read and
write access to the file. Based on [~andrew.wang]'s comments, I'm going to change it to only
restrict read access, not write access. The superuser will still have access to the metadata
(xattrs, perms, etc.) so they can chown, chmod, etc.

It's unfortunate that the superuser could lock themselves out of a file, but it needs to be
that way or else the root could just chown a user's file to root and then read it.

> Create an XAttr that disallows the HDFS admin from accessing a file
> -------------------------------------------------------------------
>                 Key: HDFS-6705
>                 URL: https://issues.apache.org/jira/browse/HDFS-6705
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode, security
>    Affects Versions: 3.0.0
>            Reporter: Charles Lamb
>            Assignee: Charles Lamb
>         Attachments: HDFS-6705.001.patch
> There needs to be an xattr that specifies that the HDFS admin can not access a file.
> This is needed for m/r delegation tokens and data at rest encryption.
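
The access rule discussed in this comment, as an added Python model that is not part of the original message or of the HDFS-6705 patch: the marker is set-only, it blocks superuser reads even when the superuser owns the file, and metadata operations such as chown stay available. The xattr name, the superuser account name and the simplified owner-or-superuser permission check are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

SUPERUSER = "hdfs"                        # assumed superuser account name
NO_SU_READ = "example.no.superuser.read"  # hypothetical xattr name

class AccessDenied(Exception):
    pass

@dataclass
class File:
    owner: str
    data: bytes
    xattrs: set = field(default_factory=set)

def _has_access(user, f):
    # Simplified permission check (assumption): owner or superuser.
    return user == f.owner or user == SUPERUSER

def set_xattr(user, f, name):
    if not _has_access(user, f):
        raise AccessDenied("setxattr")
    f.xattrs.add(name)

def remove_xattr(user, f, name):
    # Set-only: nobody, including the superuser, may clear the marker.
    if name == NO_SU_READ or not _has_access(user, f):
        raise AccessDenied("removexattr")
    f.xattrs.discard(name)

def chown(user, f, new_owner):
    # Metadata operations remain open to the superuser.
    if user != SUPERUSER:
        raise AccessDenied("chown")
    f.owner = new_owner

def read(user, f):
    # The marker is checked before ownership, so a superuser who owns
    # the file (for example after chown) is still refused the contents.
    if user == SUPERUSER and NO_SU_READ in f.xattrs:
        raise AccessDenied("read")
    if not _has_access(user, f):
        raise AccessDenied("read")
    return f.data

def denied(op, *args):
    """Return True if the operation raises AccessDenied."""
    try:
        op(*args)
        return False
    except AccessDenied:
        return True
```

If `read` checked ownership first, or `remove_xattr` allowed the marker to be cleared, a chown by the superuser followed by a read would return the contents.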
