hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-6705) Create an XAttr that disallows the HDFS admin from accessing a file
Date Wed, 03 Sep 2014 18:30:52 GMT

    [ https://issues.apache.org/jira/browse/HDFS-6705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14120217#comment-14120217
] 

Alejandro Abdelnur commented on HDFS-6705:
------------------------------------------

I would keep this simple, a UNREADABLE_BY_SUPERUSER xattr, that is settable only (cannot be
removed) and it works on ALL files (regardless of HDFS encryption), it prevent a superuser
from opening the file.

> Create an XAttr that disallows the HDFS admin from accessing a file
> -------------------------------------------------------------------
>
>                 Key: HDFS-6705
>                 URL: https://issues.apache.org/jira/browse/HDFS-6705
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode, security
>    Affects Versions: 3.0.0
>            Reporter: Charles Lamb
>            Assignee: Charles Lamb
>         Attachments: HDFS-6705.001.patch, HDFS-6705.002.patch, HDFS-6705.003.patch
>
>
> There needs to be an xattr that specifies that the HDFS admin can not access a file.
This is needed for m/r delegation tokens and data at rest encryption.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message