hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-12907) Allow read-only access to reserved raw for non-superusers
Date Wed, 06 Dec 2017 23:07:00 GMT
Daryn Sharp created HDFS-12907:

             Summary: Allow read-only access to reserved raw for non-superusers
                 Key: HDFS-12907
                 URL: https://issues.apache.org/jira/browse/HDFS-12907
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: namenode
    Affects Versions: 2.6.0
            Reporter: Daryn Sharp

HDFS-6509 added a special /.reserved/raw path prefix to access the raw file contents of EZ
files.  In the simplest sense it doesn't return the FE info in the {{LocatedBlocks}} so the
dfs client doesn't try to decrypt the data.  This facilitates allowing tools like distcp to
copy raw bytes.

Access to the raw hierarchy is restricted to superusers.  This seems like an overly broad
restriction designed to prevent non-admins from munging the EZ related xattrs.  I believe
we should relax the restriction to allow non-admins to perform read-only operations.  Allowing
non-superusers to easily read the raw bytes will be extremely useful for regular users, esp.
for enabling webhdfs client-side encryption.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org

View raw message