hadoop-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shin Chan" <had...@gmx.com>
Subject Re: Securing cluster from access
Date Fri, 28 Sep 2012 09:45:31 GMT
Hello Bertrand ,

 Thanks for your reply.

 Apology if this confused you. Yes IP Tables is one of the way to go but my question is more
if there is configuration within hadoop xml files to say if this user is there then only allow
to see HDFS.

 I can see that we can do something for Map reduce jobs using acl properties ( old link for
1.x version)

 http://hadoop.apache.org/docs/r1.0.3/service_level_auth.html

 But does similar properties exists for HDFS side , where Namednode can see that this client
is allowed to connect to cluster

 Thanks

----- Original Message -----
From: Bertrand Dechoux
Sent: 09/28/12 07:34 PM
To: user@hadoop.apache.org
Subject: Re: Securing cluster from access

 What you are looking for is not related to Hadoop in the end. It is how to restrict requests
in a network.
 'Firewall' is a broad term. iptables can allow you to do so quickly. You drop everything
and then accept only from a set of IPs.
 You may receive answers using this mailing list but its purpose is not really to discuss
about firewall solutions and configurations.

 Regards

 Bertrand

 On Fri, Sep 28, 2012 at 11:23 AM, Shin Chan < hadoop@gmx.com > wrote:
Hello,

 We have 15 node cluster and right now we dont have Kerberos implemented.

 But on urgent basis we want to secure the cluster.

 Right now anyone who know IP of Namenode can just download the Hadoop jar , configure xml
files and say

 hadoop fs -ls /

 And he can see the data.

 How to stop this ?

 We have Hadoop 2.0 verison

 Do we have any configuration settings which we can change so that only set of users or set
of IPs should be able to see the HDFS.

 We dont have firewall implemented yet outside cluster so that is not an option.

 Thanks in advance for your help


 --
 Bertrand Dechoux



Thanks and Regards ,

Mime
View raw message