hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-6826) Plugin interface to enable delegation of HDFS authorization assertions
Date Mon, 11 Aug 2014 17:50:13 GMT

    [ https://issues.apache.org/jira/browse/HDFS-6826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14093045#comment-14093045
] 

Daryn Sharp commented on HDFS-6826:
-----------------------------------

I understand the motivation but there has to be a better approach.  Isn't this akin to a nfs
server or ext4 basing its permission model on a mysql query to access raw mysql files?

Every external dependency introduces latency and additional HA concerns.  Tying up handlers,
whether or not the fsn lock is held, during an operation is very dangerous and unacceptable
for the reasons I originally cited.  Currently non-local edit logs, ex. shared nfs edit dir
or journal node, are the only external dependency (I'm aware of).  This critical dependency
is unavoidable for durability and consistency.

However, if an external service exposing data entities in hdfs uses a supplemental authz scheme,
it should be its responsibility to arbitrate access if fs-level permissions are insufficient.

> Plugin interface to enable delegation of HDFS authorization assertions
> ----------------------------------------------------------------------
>
>                 Key: HDFS-6826
>                 URL: https://issues.apache.org/jira/browse/HDFS-6826
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>         Attachments: HDFSPluggableAuthorizationProposal.pdf
>
>
> When Hbase data, HiveMetaStore data or Search data is accessed via services (Hbase region
servers, HiveServer2, Impala, Solr) the services can enforce permissions on corresponding
entities (databases, tables, views, columns, search collections, documents). It is desirable,
when the data is accessed directly by users accessing the underlying data files (i.e. from
a MapReduce job), that the permission of the data files map to the permissions of the corresponding
data entity (i.e. table, column family or search collection).
> To enable this we need to have the necessary hooks in place in the NameNode to delegate
authorization to an external system that can map HDFS files/directories to data entities and
resolve their permissions based on the data entities permissions.
> I’ll be posting a design proposal in the next few days.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message