[
https://issues.apache.org/jira/browse/HADOOP-15600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16556907#comment-16556907
]
Eric Yang commented on HADOOP-15600:
------------------------------------
[~daryn] Thank you for your reply, but not everyone has the time to dedicate
their life into serving the servers to tweak every configuration to keep the
cluster secure. Hadoop has become difficult to secure because the default
configuration is open. It is arguing against common sense that anyone who
tries to deploy a Hadoop cluster must be a Hadoop security expert before they
can deploy. There are already bots developed to attack Hadoop clusters. It is
not practical to demand users to have the perfect configuration before they can
start any Hadoop daemon. Bigtop and Ambari already have default proxy user
configuration. It would be equally dangerous to run without proxy user
configuration because node manager would be able to read/write data node blocks
when they are owned by the same user. What do you think people do when they
deploy KMS? Do they deploy KMS server as hdfs user or another user? There are
scenarios that have blurry and vague suggestions and we both know that you
don't have all answers. The community needs to reach a better default settings
and tighten security in code to help new users fend off bot attacks. This is
the intend of the JIRA. It would not be productive to start religious debate
that admin != root. Please keep the discussion civil. Thanks
> Set default proxy user settings to non-routable IP addresses and default
> users group
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-15600
> URL: https://issues.apache.org/jira/browse/HADOOP-15600
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Reporter: Eric Yang
> Priority: Major
>
> The default setting to restrict the cluster nodes to communicate with peer
> nodes are controlled by: hadoop.proxyuser.[hdfs.yarn].hosts, and
> hadoop.proxyuser.[hdfs|yarn].groups. These settings are default to be opened
> which allows any hosts to impersonate any user.
> The proposal is to default settings to:
> {code}
> <property>
> <name>hadoop.proxyuser.hdfs.hosts</name>
>
> <value>127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16</value>
> </property>
> <property>
> <name>hadoop.proxyuser.hdfs.groups</name>
> <value>users</value>
> </property>
> <property>
> <name>hadoop.proxyuser.yarn.hosts</name>
>
> <value>127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16</value>
> </property>
> <property>
> <name>hadoop.proxyuser.yarn.groups</name>
> <value>users</value>
> </property>
> {code}
> This will allow the cluster to default to a closed network and default
> "users" group to reduce risks.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
