hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Wang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-11723) Should log a warning message when users try to make certain directories encryption zone
Date Mon, 01 May 2017 22:18:04 GMT

    [ https://issues.apache.org/jira/browse/HDFS-11723?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991659#comment-15991659
] 

Andrew Wang commented on HDFS-11723:
------------------------------------

Hi [~vagarychen], thanks for the comment,

Whether or not it's a good idea depends on the application being run. Apps that run against
the FileSystem API directly don't use trash. A normal user is also typically working within
their home directory. In these cases, it's fine to make /user or /user/$USER an EZ. I'd even
go as far as saying that per-user EZs might be recommended for better security.

This is why I'd prefer we handle this in docs. We have a small section on "Rename and Trash
considerations" which could be expanded to describe some example multi-EZ or nested EZ setups,
and talk about the effect on different apps like Hive, Pig, etc. We lack a good set of recommendations
in the upstream docs.

> Should log a warning message when users try to make certain directories encryption zone
> ---------------------------------------------------------------------------------------
>
>                 Key: HDFS-11723
>                 URL: https://issues.apache.org/jira/browse/HDFS-11723
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: encryption, hdfs-client
>            Reporter: Chen Liang
>            Assignee: Chen Liang
>            Priority: Minor
>
> If a user tries to make the entire /user directory an encryption zone, and if trash is
enabled, there will be problem when the user tries to delete unencrypted files outside /user.
The problem will happen even with the fix in HDFS-8831. So we should log a WARN message when
users try to make such directories encryption zone. Such directories include:
> {{/user}}, 
> {{/user/$user}} 
> {{/user/$user/.Trash}}
> Thanks [~xyao] for the offline discussion.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message