hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rushabh S Shah (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-12907) Allow read-only access to reserved raw for non-superusers
Date Wed, 13 Dec 2017 00:27:00 GMT

     [ https://issues.apache.org/jira/browse/HDFS-12907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rushabh S Shah updated HDFS-12907:
----------------------------------
    Attachment: HDFS-12907.003.patch

Attaching a new patch.
Following comments are addressed.
1. Allowing user to see raw xattrs if they have read access.
2. Added test to verify that user who don't have access are not allowed to getattr.
3. Fixed the switch statement indentation.

> Allow read-only access to reserved raw for non-superusers
> ---------------------------------------------------------
>
>                 Key: HDFS-12907
>                 URL: https://issues.apache.org/jira/browse/HDFS-12907
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: 2.6.0
>            Reporter: Daryn Sharp
>            Assignee: Rushabh S Shah
>         Attachments: HDFS-12907.001.patch, HDFS-12907.002.patch, HDFS-12907.003.patch,
HDFS-12907.patch
>
>
> HDFS-6509 added a special /.reserved/raw path prefix to access the raw file contents
of EZ files.  In the simplest sense it doesn't return the FE info in the {{LocatedBlocks}}
so the dfs client doesn't try to decrypt the data.  This facilitates allowing tools like distcp
to copy raw bytes.
> Access to the raw hierarchy is restricted to superusers.  This seems like an overly broad
restriction designed to prevent non-admins from munging the EZ related xattrs.  I believe
we should relax the restriction to allow non-admins to perform read-only operations.  Allowing
non-superusers to easily read the raw bytes will be extremely useful for regular users, esp.
for enabling webhdfs client-side encryption.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message