[
https://issues.apache.org/jira/browse/HADOOP-6568?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vinod K V updated HADOOP-6568:
------------------------------
Attachment: HADOOP-6568-20100216.txt
Here's a patch that demonstrates the proposal:
- {{hadoop.http.administrators-acl}} is a new configuration in
core-default.xml. It is the ACL against which a authenticated user will be
verified. Authenticated user identity is assumed to be obtainable via
{{request.getRemoteUser()}}
- All the default servlets are modified in this patch to do the access control
checks.
- If we agree on this configuration in 'common' itself, other configuration
properties can be deprecated in favour of this:
{{dfs.permissions.superusergroup}} in HDFS and
{{mapred.permissions.supergroup}} in MAPRED.
> Authorization for default servlets
> ----------------------------------
>
> Key: HADOOP-6568
> URL: https://issues.apache.org/jira/browse/HADOOP-6568
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Reporter: Vinod K V
> Fix For: 0.22.0
>
> Attachments: HADOOP-6568-20100216.txt
>
>
> We have the following default servlets: /logs, /static, /stacks, /logLevel,
> /metrics, /conf. Barring "/static", rest of the servlets provide information
> that is only for administrators. In the context of security for the
> web-servlets, we need protected access to these pages.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
