hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rushabh S Shah (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-12907) Allow read-only access to reserved raw for non-superusers
Date Wed, 13 Dec 2017 16:36:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-12907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16289490#comment-16289490
] 

Rushabh S Shah commented on HDFS-12907:
---------------------------------------

All of the test failures are due to {{unable to create new native thread}} except the ones
listed below.
1. TestUnderReplicatedBlocks#testSetRepIncWithUnderReplicatedBlocks: The test timed out. Tracked
by HDFS-9243
2. TestDecommissioningStatus#testDecommissionLosingData: It failed with following error message.
{noformat}
Problem binding to [localhost:60134] java.net.BindException: Address already in use; For more
details see:  http://wiki.apache.org/hadoop/BindException
{noformat}

It passes locally on my machine.
{noformat}
[INFO] -------------------------------------------------------
[INFO]  T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.hadoop.hdfs.server.namenode.TestDecommissioningStatus
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 42.331 s - in org.apache.hadoop.hdfs.server.namenode.TestDecommissioningStatus
{noformat}

Regarding checkstyle issues.
6 of 8 warnings are due to identation of switch statements.
Will fix the remaining 2 in next revision.

As always, findbugs warning is not related to the patch.
Tracked by HDFS-12915

[~daryn]: please review. This patch is blocking HDFS-12574.

> Allow read-only access to reserved raw for non-superusers
> ---------------------------------------------------------
>
>                 Key: HDFS-12907
>                 URL: https://issues.apache.org/jira/browse/HDFS-12907
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: 2.6.0
>            Reporter: Daryn Sharp
>            Assignee: Rushabh S Shah
>         Attachments: HDFS-12907.001.patch, HDFS-12907.002.patch, HDFS-12907.003.patch,
HDFS-12907.patch
>
>
> HDFS-6509 added a special /.reserved/raw path prefix to access the raw file contents
of EZ files.  In the simplest sense it doesn't return the FE info in the {{LocatedBlocks}}
so the dfs client doesn't try to decrypt the data.  This facilitates allowing tools like distcp
to copy raw bytes.
> Access to the raw hierarchy is restricted to superusers.  This seems like an overly broad
restriction designed to prevent non-admins from munging the EZ related xattrs.  I believe
we should relax the restriction to allow non-admins to perform read-only operations.  Allowing
non-superusers to easily read the raw bytes will be extremely useful for regular users, esp.
for enabling webhdfs client-side encryption.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message